CVE-2014-6054
published 2014-10-06CVE-2014-6054: The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service…
PriorityP422medium4.3CVSS 2.0
AVNACMAuNCNINAP
EPSS
5.54%
91.9th percentile
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | libvncserver | < libvncserver 0.9.9+dfsg-6.1 (bookworm) | libvncserver 0.9.9+dfsg-6.1 (bookworm) |
| libvncserver | libvncserver | <= 0.9.9 | — |
| libvncserver_project | libvncserver | >= 0 < 0.9.9+dfsg-6.1 | 0.9.9+dfsg-6.1 |
| libvncserver_project | libvncserver | >= 0 < 0.9.9+dfsg-6.1 | 0.9.9+dfsg-6.1 |
| libvncserver_project | libvncserver | >= 0 < 0.9.9+dfsg-6.1 | 0.9.9+dfsg-6.1 |
| libvncserver_project | libvncserver | >= 0 < 0.9.9+dfsg-6.1 | 0.9.9+dfsg-6.1 |
| libvncserver_project | libvncserver | >= 0 < 0.9.9+dfsg-1ubuntu1.1 | 0.9.9+dfsg-1ubuntu1.1 |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv7.5HIGH
vendor_ubuntu7.5HIGH
vendor_debian4.3MEDIUM
vendor_redhat4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-246j-93ww-rg57: The rfbProcessClientNormalMessage function in libvncserver/rfbserver
ghsa_unreviewed·2022-05-13
CVE-2014-6054 [MEDIUM] GHSA-246j-93ww-rg57: The rfbProcessClientNormalMessage function in libvncserver/rfbserver
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.
OSV
italc vulnerabilities
osv·2020-10-20·CVSS 7.5
CVE-2014-6051 [HIGH] italc vulnerabilities
italc vulnerabilities
Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors
and didn't check malloc return values. A remote attacker could use these issues
to cause a denial of service or possibly execute arbitrary code.
(CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055)
Josef Gajdusek discovered that iTALC had heap-based buffer overflow
vulnerabilities. A remote attacker could used these issues to cause a denial of
service or possibly execute arbitrary code. (CVE-2016-9941, CVE-2016-9942)
It was discovered that iTALC had an out-of-bounds write, multiple heap
out-of-bounds writes, an infinite loop, improper initializations, and null
pointer vulnerabilities. A remote attacker could used these issues to cause a
denial of service or possibl
OSV
CVE-2014-6054: The rfbProcessClientNormalMessage function in libvncserver/rfbserver
osv·2014-10-06·CVSS 4.3
CVE-2014-6054 [MEDIUM] CVE-2014-6054: The rfbProcessClientNormalMessage function in libvncserver/rfbserver
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.
OSV
libvncserver vulnerabilities
osv·2014-09-29·CVSS 7.5
CVE-2014-6051 [HIGH] libvncserver vulnerabilities
libvncserver vulnerabilities
Nicolas Ruff discovered that LibVNCServer incorrectly handled memory when
being advertised large screen sizes by the server. If a user were tricked
into connecting to a malicious server, an attacker could use this issue to
cause a denial of service, or possibly execute arbitrary code.
(CVE-2014-6051, CVE-2014-6052)
Nicolas Ruff discovered that LibVNCServer incorrectly handled large
ClientCutText messages. A remote attacker could use this issue to cause a
server to crash, resulting in a denial of service. (CVE-2014-6053)
Nicolas Ruff discovered that LibVNCServer incorrectly handled zero scaling
factor values. A remote attacker could use this issue to cause a server to
crash, resulting in a denial of service. (CVE-2014-6054)
Nicolas Ruff discovered that LibVN
Ubuntu
iTALC vulnerabilities
vendor_ubuntu·2020-10-20·CVSS 7.5
CVE-2018-20749 [HIGH] iTALC vulnerabilities
Title: iTALC vulnerabilities
Summary: Several security issues were fixed in iTALC.
Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors
and didn't check malloc return values. A remote attacker could use these issues
to cause a denial of service or possibly execute arbitrary code.
(CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055)
Josef Gajdusek discovered that iTALC had heap-based buffer overflow
vulnerabilities. A remote attacker could used these issues to cause a denial of
service or possibly execute arbitrary code. (CVE-2016-9941, CVE-2016-9942)
It was discovered that iTALC had an out-of-bounds write, multiple heap
out-of-bounds writes, an infinite loop, improper initializations, and null
pointer vulnerabilities. A remote attacker c
Ubuntu
LibVNCServer vulnerabilities
vendor_ubuntu·2014-09-29·CVSS 7.5
CVE-2014-6051 [HIGH] LibVNCServer vulnerabilities
Title: LibVNCServer vulnerabilities
Summary: Several security issues were fixed in LibVNCServer.
Nicolas Ruff discovered that LibVNCServer incorrectly handled memory when
being advertised large screen sizes by the server. If a user were tricked
into connecting to a malicious server, an attacker could use this issue to
cause a denial of service, or possibly execute arbitrary code.
(CVE-2014-6051, CVE-2014-6052)
Nicolas Ruff discovered that LibVNCServer incorrectly handled large
ClientCutText messages. A remote attacker could use this issue to cause a
server to crash, resulting in a denial of service. (CVE-2014-6053)
Nicolas Ruff discovered that LibVNCServer incorrectly handled zero scaling
factor values. A remote attacker could use this issue to cause a server to
crash, resulting in a d
Red Hat
libvncserver: server divide-by-zero flaw in scaling factor handling
vendor_redhat·2014-09-23·CVSS 4.3
CVE-2014-6054 [MEDIUM] CWE-369 libvncserver: server divide-by-zero flaw in scaling factor handling
libvncserver: server divide-by-zero flaw in scaling factor handling
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.
A divide-by-zero flaw was found in the way LibVNCServer handled the scaling factor when it was set to "0". A remote attacker could use this flaw to crash the VNC server using a malicious VNC client.
Package: kdenetwork (Red Hat Enterprise Linux 5) - Not affected
Package: kdenetwork (Red Hat Enterprise Linux 6) - Not affected
Debian
CVE-2014-6054: libvncserver - The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNC...
vendor_debian·2014·CVSS 4.3
CVE-2014-6054 [MEDIUM] CVE-2014-6054: libvncserver - The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNC...
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.
Scope: local
bookworm: resolved (fixed in 0.9.9+dfsg-6.1)
bullseye: resolved (fixed in 0.9.9+dfsg-6.1)
forky: resolved (fixed in 0.9.9+dfsg-6.1)
sid: resolved (fixed in 0.9.9+dfsg-6.1)
trixie: resolved (fixed in 0.9.9+dfsg-6.1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 CVE-2014-6054 krfb: various flaws [fedora-all]
bugzilla·2014-09-24·CVSS 7.5
CVE-2014-6051 [HIGH] CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 CVE-2014-6054 krfb: various flaws [fedora-all]
CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 CVE-2014-6054 krfb: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multip
Bugzilla
CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 CVE-2014-6054 libvncserver: various flaws [fedora-all]
bugzilla·2014-09-24·CVSS 7.5
CVE-2014-6051 [HIGH] CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 CVE-2014-6054 libvncserver: various flaws [fedora-all]
CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 CVE-2014-6054 libvncserver: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affect
Bugzilla
CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 CVE-2014-6054 libvncserver: various flaws [epel-5]
bugzilla·2014-09-24·CVSS 7.5
CVE-2014-6051 [HIGH] CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 CVE-2014-6054 libvncserver: various flaws [epel-5]
CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 CVE-2014-6054 libvncserver: various flaws [epel-5]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-5 tracking bug fo
Bugzilla
CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 libvncserver: various flaws [epel-7]
bugzilla·2014-09-24·CVSS 7.5
CVE-2014-6051 [HIGH] CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 libvncserver: various flaws [epel-7]
CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 libvncserver: various flaws [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-7 tracking bug for libvncserver
Bugzilla
CVE-2014-6054 libvncserver: server divide-by-zero flaw in scaling factor handling
bugzilla·2014-09-19·CVSS 4.3
CVE-2014-6054 [MEDIUM] CVE-2014-6054 libvncserver: server divide-by-zero flaw in scaling factor handling
CVE-2014-6054 libvncserver: server divide-by-zero flaw in scaling factor handling
A divide-by-zero flaw was reported in LibVNCServer's scaling factor handling. A VNC client could use this flaw to cause the VNC server to crash.
Upstream commit:
https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446
Discussion:
Acknowledgements:
Red Hat would like to thank oCERT for reporting this issue. oCERT acknowledges Nicolas RUFF as the original reporter.
---
Public now:
http://seclists.org/oss-sec/2014/q3/639
---
Created libvncserver tracking bugs for this issue:
Affects: fedora-all [bug 1145878]
Affects: epel-5 [bug 1145879]
Affects: epel-7 [bug 1145880]
---
Created krfb tracking bugs for this issue:
Affects: fedora-all [bug 1145883]
---
krfb advisory
http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.htmlhttp://seclists.org/oss-sec/2014/q3/639http://secunia.com/advisories/61506http://secunia.com/advisories/61682http://www.debian.org/security/2014/dsa-3081http://www.ocert.org/advisories/ocert-2014-007.htmlhttp://www.openwall.com/lists/oss-security/2014/09/25/11http://www.securityfocus.com/bid/70094http://www.ubuntu.com/usn/USN-2365-1https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446https://lists.debian.org/debian-lts-announce/2019/10/msg00042.htmlhttps://security.gentoo.org/glsa/201507-07https://usn.ubuntu.com/4587-1/http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.htmlhttp://seclists.org/oss-sec/2014/q3/639http://secunia.com/advisories/61506http://secunia.com/advisories/61682http://www.debian.org/security/2014/dsa-3081http://www.ocert.org/advisories/ocert-2014-007.htmlhttp://www.openwall.com/lists/oss-security/2014/09/25/11http://www.securityfocus.com/bid/70094http://www.ubuntu.com/usn/USN-2365-1https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446https://lists.debian.org/debian-lts-announce/2019/10/msg00042.htmlhttps://security.gentoo.org/glsa/201507-07https://usn.ubuntu.com/4587-1/
2014-10-06
Published