CVE-2014-6051
libvncserver: integer overflow flaw, leading to a heap-based buffer overflow in screen size handling
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.
Desbordamiento de enteros en la función MallocFrameBuffer en vncviewer.c en LibVNCServer 0.9.9 y anteriores permite a servidores remotos VNC causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un anuncio para un tamaño grande de pantalla, lo que provoca un desbordamiento de buffer basado en memoria dinámica.
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way screen sizes were handled by LibVNCServer. A malicious VNC server could use this flaw to cause a client to crash or, potentially, execute arbitrary code in the client.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-09-01 CVE Reserved
- 2014-09-25 CVE Published
- 2023-06-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-122: Heap-based Buffer Overflow
- CWE-189: Numeric Errors
CAPEC
References (18)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/oss-sec/2014/q3/639 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2014/09/25/11 | Mailing List |
|
| http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | Third Party Advisory |
|
| http://www.securityfocus.com/bid/70093 | Vdb Entry | |
| https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html | Mailing List |
|
| https://www.kde.org/info/security/advisory-20140923-1.txt | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.ocert.org/advisories/ocert-2014-007.html | 2020-10-23 | |
| https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273 | 2020-10-23 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 6.5 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "6.5" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 6.5.z Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "6.5.z" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 20 Search vendor "Fedoraproject" for product "Fedora" and version "20" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 21 Search vendor "Fedoraproject" for product "Fedora" and version "21" | - |
Affected
| ||||||
| Libvncserver Search vendor "Libvncserver" | Libvncserver Search vendor "Libvncserver" for product "Libvncserver" | <= 0.9.9 Search vendor "Libvncserver" for product "Libvncserver" and version " <= 0.9.9" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Solaris Search vendor "Oracle" for product "Solaris" | 11.3 Search vendor "Oracle" for product "Solaris" and version "11.3" | - |
Affected
| ||||||