CVE-2014-6054 — Divide By Zero in Libvncserver
Severity
4.3MEDIUMNVD
OSV7.5
EPSS
34.6%
top 2.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 6
Latest updateMay 13
Description
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.
CVSS vector
AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9
Affected Packages4 packages
Also affects: Debian Linux 7.0, Ubuntu Linux 12.04, 14.04
Patches
🔴Vulnerability Details
4📋Vendor Advisories
4💬Community
5Bugzilla▶
CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 CVE-2014-6054 krfb: various flaws [fedora-all]↗2014-09-24
Bugzilla▶
CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 CVE-2014-6054 libvncserver: various flaws [fedora-all]↗2014-09-24
Bugzilla▶
CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 CVE-2014-6054 libvncserver: various flaws [epel-5]↗2014-09-24
Bugzilla▶
CVE-2014-6051 CVE-2014-6053 CVE-2014-6052 CVE-2014-6055 libvncserver: various flaws [epel-7]↗2014-09-24
Bugzilla
▶