CVE-2014-6052
Published: 2014-12-15
Priority: P341 · high · CVSS 2.0 score 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 6.75% (93.2th percentile)
The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | libvncserver | < libvncserver 0.9.9+dfsg-6.1 (bookworm) | libvncserver 0.9.9+dfsg-6.1 (bookworm) |
| debian | tigervnc | < tigervnc 1.7.0-2 (bookworm) | tigervnc 1.7.0-2 (bookworm) |
| debian | veyon | < libvncserver 0.9.9+dfsg-6.1 (bookworm) | libvncserver 0.9.9+dfsg-6.1 (bookworm) |
| libvncserver | libvncserver | <= 0.9.9 | — |
| libvncserver_project | libvncserver | >= 0 < 0.9.9+dfsg-6.1 | 0.9.9+dfsg-6.1 |
| libvncserver_project | libvncserver | >= 0 < 0.9.9+dfsg-6.1 | 0.9.9+dfsg-6.1 |
| libvncserver_project | libvncserver | >= 0 < 0.9.9+dfsg-6.1 | 0.9.9+dfsg-6.1 |
| libvncserver_project | libvncserver | >= 0 < 0.9.9+dfsg-6.1 | 0.9.9+dfsg-6.1 |
| libvncserver_project | libvncserver | >= 0 < 0.9.9+dfsg-1ubuntu1.1 | 0.9.9+dfsg-1ubuntu1.1 |
| oracle | solaris | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_hpc_node | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
| tigervnc | tigervnc | >= 0 < 1.7.0-2 | 1.7.0-2 |
| tigervnc | tigervnc | >= 0 < 1.7.0-2 | 1.7.0-2 |
| tigervnc | tigervnc | >= 0 < 1.7.0-2 | 1.7.0-2 |
| tigervnc | tigervnc | >= 0 < 1.7.0-2 | 1.7.0-2 |
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
osv · 7.5 HIGH
vendor_debian · 7.5 HIGH
vendor_redhat · 7.5 HIGH
vendor_ubuntu · 7.5 HIGH
Ubuntu
iTALC vulnerabilities
vendor_ubuntu·2020-10-20·CVSS 7.5
CVE-2018-20749 [HIGH] iTALC vulnerabilities
Title: iTALC vulnerabilities
Summary: Several security issues were fixed in iTALC.
Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors
and didn't check malloc return values. A remote attacker could use these issues
to cause a denial of service or possibly execute arbitrary code.
(CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055)
Josef Gajdusek discovered that iTALC had heap-based buffer overflow
vulnerabilities. A remote attacker could use these issues to cause a denial of
service or possibly execute arbitrary code. (CVE-2016-9941, CVE-2016-9942)
It was discovered that iTALC had an out-of-bounds write, multiple heap
out-of-bounds writes, an infinite loop, improper initializations, and null
pointer vulnerabilities. A remote attacker c
Red Hat
tigervnc: NULL pointer dereference flaw in XRegion
vendor_redhat·2014-10-10·CVSS 7.5
CVE-2014-8241 [HIGH] CWE-476 tigervnc: NULL pointer dereference flaw in XRegion
XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.
A NULL pointer dereference flaw was found in TigerVNC's XRegion. A malicious VNC server could use this flaw to cause a client to crash.
Statement: This issue affects the version of tigervnc as shipped with Red Hat Enterprise Linux 5 and 6. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 5 and 6.
Package: vnc (Red Hat Enterprise Linux 5) - Will not fix
Package: tigervnc (Red Hat Enterprise Linux 6) - Will not fix
Ubuntu
LibVNCServer vulnerabilities
vendor_ubuntu·2014-09-29·CVSS 7.5
CVE-2014-6051 [HIGH] LibVNCServer vulnerabilities
Title: LibVNCServer vulnerabilities
Summary: Several security issues were fixed in LibVNCServer.
Nicolas Ruff discovered that LibVNCServer incorrectly handled memory when
being advertised large screen sizes by the server. If a user were tricked
into connecting to a malicious server, an attacker could use this issue to
cause a denial of service, or possibly execute arbitrary code.
(CVE-2014-6051, CVE-2014-6052)
Nicolas Ruff discovered that LibVNCServer incorrectly handled large
ClientCutText messages. A remote attacker could use this issue to cause a
server to crash, resulting in a denial of service. (CVE-2014-6053)
Nicolas Ruff discovered that LibVNCServer incorrectly handled zero scaling
factor values. A remote attacker could use this issue to cause a server to
crash, resulting in a d
Red Hat
libvncserver: NULL pointer dereference flaw in framebuffer setup
vendor_redhat·2014-09-23·CVSS 7.5
CVE-2014-6052 [HIGH] CWE-476 libvncserver: NULL pointer dereference flaw in framebuffer setup
The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.
A NULL pointer dereference flaw was found in LibVNCServer's framebuffer setup. A malicious VNC server could use this flaw to cause a VNC client to crash.
Package: kdenetwork (Red Hat Enterprise Linux 5) - Not affected
Package: kdenetwork (Red Hat Enterprise Linux 6) - Not affected
Package: kdenetwork (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2014-8241: tigervnc - XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL...
vendor_debian·2014·CVSS 7.5
CVE-2014-8241 [HIGH] CVE-2014-8241: tigervnc - XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL...
XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.
Scope: local
bookworm: resolved (fixed in 1.7.0-2)
bullseye: resolved (fixed in 1.7.0-2)
forky: resolved (fixed in 1.7.0-2)
sid: resolved (fixed in 1.7.0-2)
trixie: resolved (fixed in 1.7.0-2)
Debian
CVE-2014-6052: libvncserver - The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0...
vendor_debian·2014·CVSS 7.5
CVE-2014-6052 [HIGH] CVE-2014-6052: libvncserver - The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0...
The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.
Scope: local
bookworm: resolved (fixed in 0.9.9+dfsg-6.1)
bullseye: resolved (fixed in 0.9.9+dfsg-6.1)
forky: resolved (fixed in 0.9.9+dfsg-6.1)
sid: resolved (fixed in 0.9.9+dfsg-6.1)
trixie: resolved (fixed in 0.9.9+dfsg-6.1)
GHSA
GHSA-gq2g-qwmw-m5q3: XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return v
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2014-8241 [HIGH] CWE-476 GHSA-gq2g-qwmw-m5q3: XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return v
XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.
GHSA
GHSA-hph4-vx7v-q23g: The HandleRFBServerMessage function in libvncclient/rfbproto
ghsa_unreviewed·2022-05-13
CVE-2014-6052 [HIGH] CWE-20 GHSA-hph4-vx7v-q23g: The HandleRFBServerMessage function in libvncclient/rfbproto
The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.
OSV
italc vulnerabilities
osv·2020-10-20·CVSS 7.5
CVE-2014-6051 [HIGH] italc vulnerabilities
Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors
and didn't check malloc return values. A remote attacker could use these issues
to cause a denial of service or possibly execute arbitrary code.
(CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055)
Josef Gajdusek discovered that iTALC had heap-based buffer overflow
vulnerabilities. A remote attacker could use these issues to cause a denial of
service or possibly execute arbitrary code. (CVE-2016-9941, CVE-2016-9942)
It was discovered that iTALC had an out-of-bounds write, multiple heap
out-of-bounds writes, an infinite loop, improper initializations, and null
pointer vulnerabilities. A remote attacker could use these issues to cause a
denial of service or possibl
OSV
CVE-2014-8241: XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return v
osv·2016-12-14·CVSS 7.5
CVE-2014-8241 [HIGH] CVE-2014-8241: XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return v
XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.
OSV
CVE-2014-6052: The HandleRFBServerMessage function in libvncclient/rfbproto
osv·2014-12-15·CVSS 7.5
CVE-2014-6052 [HIGH] CVE-2014-6052: The HandleRFBServerMessage function in libvncclient/rfbproto
The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.
OSV
libvncserver vulnerabilities
osv·2014-09-29·CVSS 7.5
CVE-2014-6051 [HIGH] libvncserver vulnerabilities
Nicolas Ruff discovered that LibVNCServer incorrectly handled memory when
being advertised large screen sizes by the server. If a user were tricked
into connecting to a malicious server, an attacker could use this issue to
cause a denial of service, or possibly execute arbitrary code.
(CVE-2014-6051, CVE-2014-6052)
Nicolas Ruff discovered that LibVNCServer incorrectly handled large
ClientCutText messages. A remote attacker could use this issue to cause a
server to crash, resulting in a denial of service. (CVE-2014-6053)
Nicolas Ruff discovered that LibVNCServer incorrectly handled zero scaling
factor values. A remote attacker could use this issue to cause a server to
crash, resulting in a denial of service. (CVE-2014-6054)
Nicolas Ruff discovered that LibVN
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-8241 tigervnc: NULL pointer dereference flaw in XRegion
bugzilla·2014-10-10·CVSS 7.5
CVE-2014-8241 [HIGH] CVE-2014-8241 tigervnc: NULL pointer dereference flaw in XRegion
This issue was discovered by Tim Waugh of Red Hat. Tigervnc is affected by same thing as in CVE-2014-6052. A NULL pointer dereference flaw was reported in tigervnc. A malicious VNC server could use this flaw to cause a client to crash.
Discussion:
Created attachment 946490
tigervnc-CVE-2014-8241.patch (proposed RHEL-7.1 patch)
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2015:2233 https://rhn.redhat.com/errata/RHSA-2015-2233.html
---
Statement:
This issue affects the version of tigervnc as shipped with Red Hat Enterprise Linux 5 and 6. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of Red Hat En
Bugzilla
CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 CVE-2014-6054 krfb: various flaws [fedora-all]
bugzilla·2014-09-24·CVSS 7.5
CVE-2014-6051 [HIGH] CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 CVE-2014-6054 krfb: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multip
Bugzilla
CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 CVE-2014-6054 libvncserver: various flaws [fedora-all]
bugzilla·2014-09-24·CVSS 7.5
CVE-2014-6051 [HIGH] CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 CVE-2014-6054 libvncserver: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affect
Bugzilla
CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 CVE-2014-6054 libvncserver: various flaws [epel-5]
bugzilla·2014-09-24·CVSS 7.5
CVE-2014-6051 [HIGH] CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 CVE-2014-6054 libvncserver: various flaws [epel-5]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-5 tracking bug fo
Bugzilla
CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 libvncserver: various flaws [epel-7]
bugzilla·2014-09-24·CVSS 7.5
CVE-2014-6051 [HIGH] CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 libvncserver: various flaws [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-7 tracking bug for libvncserver
Bugzilla
CVE-2014-6052 libvncserver: NULL pointer dereference flaw in framebuffer setup
bugzilla·2014-09-19·CVSS 7.5
CVE-2014-6052 [HIGH] CVE-2014-6052 libvncserver: NULL pointer dereference flaw in framebuffer setup
A NULL pointer dereference flaw was reported in LibVNCServer's framebuffer setup. A malicious VNC server could use this flaw to cause a client to crash.
Upstream commit:
https://github.com/newsoft/libvncserver/commit/85a778c0e45e87e35ee7199f1f25020648e8b812
Discussion:
Acknowledgements:
Red Hat would like to thank oCERT for reporting this issue. oCERT acknowledges Nicolas RUFF as the original reporter.
---
Public now:
http://seclists.org/oss-sec/2014/q3/639
---
Created libvncserver tracking bugs for this issue:
Affects: fedora-all [bug 1145878]
Affects: epel-5 [bug 1145879]
Affects: epel-7 [bug 1145880]
---
Created krfb tracking bugs for this issue:
Affects: fedora-all [bug 1145883]
---
krfb adv
References
http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html
http://seclists.org/oss-sec/2014/q3/639
http://secunia.com/advisories/61506
http://secunia.com/advisories/61682
http://ubuntu.com/usn/usn-2365-1
http://www.debian.org/security/2014/dsa-3081
http://www.ocert.org/advisories/ocert-2014-007.html
http://www.openwall.com/lists/oss-security/2014/09/25/11
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.securityfocus.com/bid/70091
https://github.com/newsoft/libvncserver/commit/85a778c0e45e87e35ee7199f1f25020648e8b812
https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html
https://security.gentoo.org/glsa/201507-07
https://usn.ubuntu.com/4587-1/
Published: 2014-12-15