Unrated severityNVD Advisory· Published Dec 15, 2014· Updated May 6, 2026
CVE-2014-6052
CVE-2014-6052
Description
The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.
Affected products
5cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*+ 1 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
14- github.com/newsoft/libvncserver/commit/85a778c0e45e87e35ee7199f1f25020648e8b812nvdExploitIssue TrackingPatch
- seclists.org/oss-sec/2014/q3/639nvdMailing ListThird Party Advisory
- secunia.com/advisories/61506nvdPermissions RequiredThird Party Advisory
- secunia.com/advisories/61682nvdPermissions RequiredThird Party Advisory
- ubuntu.com/usn/usn-2365-1nvdThird Party Advisory
- www.debian.org/security/2014/dsa-3081nvdThird Party Advisory
- www.ocert.org/advisories/ocert-2014-007.htmlnvdThird Party AdvisoryUS Government Resource
- www.openwall.com/lists/oss-security/2014/09/25/11nvdMailing ListThird Party Advisory
- www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.htmlnvdThird Party Advisory
- lists.opensuse.org/opensuse-updates/2015-12/msg00022.htmlnvd
- www.securityfocus.com/bid/70091nvd
- lists.debian.org/debian-lts-announce/2019/10/msg00042.htmlnvd
- security.gentoo.org/glsa/201507-07nvd
- usn.ubuntu.com/4587-1/nvd
News mentions
0No linked articles in our index yet.