cbcvebase.
CVE-2014-6054
published 2014-10-06

Priority: P422 medium 4.3 CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS: 5.54% (91.9th percentile)
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.

Affected

10 ranges
Vendor | Product | Version range | Fixed in
canonical | ubuntu_linux | |
canonical | ubuntu_linux | |
debian | debian_linux | |
debian | libvncserver | < libvncserver 0.9.9+dfsg-6.1 (bookworm) | libvncserver 0.9.9+dfsg-6.1 (bookworm)
libvncserver | libvncserver | <= 0.9.9 |
libvncserver_project | libvncserver | >= 0 < 0.9.9+dfsg-6.1 | 0.9.9+dfsg-6.1
libvncserver_project | libvncserver | >= 0 < 0.9.9+dfsg-6.1 | 0.9.9+dfsg-6.1
libvncserver_project | libvncserver | >= 0 < 0.9.9+dfsg-6.1 | 0.9.9+dfsg-6.1
libvncserver_project | libvncserver | >= 0 < 0.9.9+dfsg-6.1 | 0.9.9+dfsg-6.1
libvncserver_project | libvncserver | >= 0 < 0.9.9+dfsg-1ubuntu1.1 | 0.9.9+dfsg-1ubuntu1.1

CVSS provenance

nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P
osv | 7.5 | HIGH
vendor_ubuntu | 7.5 | HIGH
vendor_debian | 4.3 | MEDIUM
vendor_redhat | 4.3 | MEDIUM