CVE-2014-6052
published 2014-12-15

Priority: P3 | 41 | high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EPSS: 6.75% (93.2nd percentile)
The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.
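The defect pattern in that description next to its defensive counterpart, as an added C illustration rather than LibVNCServer's own code; the client struct, the size limits and the function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_DIMENSION         16384u                /* assumed sanity caps */
#define MAX_FRAMEBUFFER_BYTES (256u * 1024u * 1024u)

typedef struct {
    uint16_t width, height;      /* taken from the remote server's message */
    uint8_t  bytes_per_pixel;
    uint8_t *framebuffer;
} client_t;

/* Shape of the defect the CVE describes: malloc's result is used unchecked, so
 * a huge server-supplied screen size ends in a NULL dereference. Contrast only. */
void resize_unchecked(client_t *c, uint16_t w, uint16_t h)
{
    size_t bytes = (size_t)w * h * c->bytes_per_pixel;
    c->width = w; c->height = h;
    c->framebuffer = malloc(bytes);
    memset(c->framebuffer, 0, bytes);       /* crashes when malloc returned NULL */
}

/* Hardened handler: bound the untrusted dimensions, size the buffer without
 * overflow, and treat NULL from malloc as a protocol error; returns 0 or -1. */
int resize_checked(client_t *c, uint16_t w, uint16_t h)
{
    if (w == 0 || h == 0 || w > MAX_DIMENSION || h > MAX_DIMENSION) return -1;
    size_t pixels = (size_t)w * h;          /* cannot overflow: 16-bit inputs */
    if (c->bytes_per_pixel == 0 || pixels > SIZE_MAX / c->bytes_per_pixel)
        return -1;
    size_t bytes = pixels * c->bytes_per_pixel;
    if (bytes > MAX_FRAMEBUFFER_BYTES)
        return -1;
    uint8_t *fb = malloc(bytes);
    if (fb == NULL) return -1;              /* old buffer kept; caller drops the link */
    memset(fb, 0, bytes);
    free(c->framebuffer);
    c->framebuffer = fb; c->width = w; c->height = h;
    return 0;
}

int try_resize(uint16_t w, uint16_t h)      /* one resize on a fresh 32 bpp client */
{
    client_t c = { 0, 0, 4, NULL };
    int rc = resize_checked(&c, w, h);
    free(c.framebuffer);
    return rc;
}
```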

Affected

21 ranges
Vendor | Product | Version range | Fixed in
canonical | ubuntu_linux | |
canonical | ubuntu_linux | |
debian | debian_linux | |
debian | libvncserver | < libvncserver 0.9.9+dfsg-6.1 (bookworm) | libvncserver 0.9.9+dfsg-6.1 (bookworm)
debian | tigervnc | < tigervnc 1.7.0-2 (bookworm) | tigervnc 1.7.0-2 (bookworm)
debian | veyon | < libvncserver 0.9.9+dfsg-6.1 (bookworm) | libvncserver 0.9.9+dfsg-6.1 (bookworm)
libvncserver | libvncserver | <= 0.9.9 |
libvncserver_project | libvncserver | >= 0 < 0.9.9+dfsg-6.1 | 0.9.9+dfsg-6.1
libvncserver_project | libvncserver | >= 0 < 0.9.9+dfsg-6.1 | 0.9.9+dfsg-6.1
libvncserver_project | libvncserver | >= 0 < 0.9.9+dfsg-6.1 | 0.9.9+dfsg-6.1
libvncserver_project | libvncserver | >= 0 < 0.9.9+dfsg-6.1 | 0.9.9+dfsg-6.1
libvncserver_project | libvncserver | >= 0 < 0.9.9+dfsg-1ubuntu1.1 | 0.9.9+dfsg-1ubuntu1.1
oracle | solaris | |
redhat | enterprise_linux_desktop | |
redhat | enterprise_linux_hpc_node | |
redhat | enterprise_linux_server | |
redhat | enterprise_linux_workstation | |
tigervnc | tigervnc | >= 0 < 1.7.0-2 | 1.7.0-2
tigervnc | tigervnc | >= 0 < 1.7.0-2 | 1.7.0-2
tigervnc | tigervnc | >= 0 < 1.7.0-2 | 1.7.0-2
tigervnc | tigervnc | >= 0 < 1.7.0-2 | 1.7.0-2

CVSS provenance

Source | CVSS version | Score | Severity | Vector
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P
osv | | 7.5 | HIGH |
vendor_debian | | 7.5 | HIGH |
vendor_redhat | | 7.5 | HIGH |
vendor_ubuntu | | 7.5 | HIGH |