Skip to main content

Libvncserver CVE-2014-6054

MEDIUM
Numeric Errors (CWE-189)
2014-10-06 cve@mitre.org
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:N/I:N/A:P
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
None
Availability
P

Lifecycle Timeline

1
CVE Published
Oct 06, 2014 - 14:55 cve.org
MEDIUM 4.3

DescriptionCVE.org

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.

AnalysisAI

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 34.6%.

Technical ContextAI

This vulnerability is classified under CWE-189. The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message. Affected products include: Libvncserver, Debian Debian Linux, Canonical Ubuntu Linux.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2018-7225 CRITICAL POC
9.8 Feb 19

An issue was discovered in LibVNCServer through 0.9.11. Rated critical severity (CVSS 9.8), this vulnerability is remote

CVE-2014-6052 HIGH POC
7.5 Dec 15

The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain

CVE-2014-6053 MEDIUM
5.0 Dec 15

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not proper

CVE-2020-25708 HIGH POC
7.5 Nov 27

A divide by zero issue was found to occur in libvncserver-0.9.12. Rated high severity (CVSS 7.5), this vulnerability is

CVE-2016-9942 CRITICAL
9.8 Dec 31

Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a den

CVE-2016-9941 CRITICAL
9.8 Dec 31

Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a

CVE-2018-20020 CRITICAL
9.8 Dec 19

LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside stru

CVE-2018-20019 CRITICAL
9.8 Dec 19

LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities

CVE-2018-15127 CRITICAL
9.8 Dec 19

LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server c

CVE-2018-15126 CRITICAL
9.8 Dec 19

LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code

CVE-2014-6051 HIGH
7.5 Sep 30

Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC se

CVE-2014-6055 MEDIUM
6.5 Sep 30

Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allo

Share

CVE-2014-6054 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy