Unrated severityNVD Advisory· Published Sep 30, 2014· Updated Jun 17, 2026
CVE-2014-6055
CVE-2014-6055
Description
Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
23cpe:2.3:a:libvncserver:libvncserver:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:libvncserver:libvncserver:*:*:*:*:*:*:*:*range: <=0.9.9
- (no CPE)range: <=0.9.9
cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5.z:*:*:*:*:*:*:*
- osv-coords16 versionspkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP3pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP3pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP3pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1
< 0.9.1-156.1+ 15 more
- (no CPE)range: < 0.9.1-156.1
- (no CPE)range: < 0.9.1-156.1
- (no CPE)range: < 0.9.9-16.1
- (no CPE)range: < 0.9.1-156.1
- (no CPE)range: < 0.9.1-156.1
- (no CPE)range: < 0.9.1-156.1
- (no CPE)range: < 0.9.9-16.1
- (no CPE)range: < 0.9.9-16.1
- (no CPE)range: < 0.9.1-156.1
- (no CPE)range: < 0.9.1-156.1
- (no CPE)range: < 0.9.9-16.1
- (no CPE)range: < 0.9.9-16.1
- (no CPE)range: < 0.9.1-156.1
- (no CPE)range: < 0.9.1-156.1
- (no CPE)range: < 0.9.9-16.1
- (no CPE)range: < 0.9.9-16.1
Patches
Vulnerability mechanics
References
17- github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2envdIssue TrackingPatch
- github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677nvdIssue TrackingPatch
- www.kde.org/info/security/advisory-20140923-1.txtnvdIssue TrackingPatch
- lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.htmlnvdThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2015-0113.htmlnvdThird Party Advisory
- seclists.org/oss-sec/2014/q3/639nvdMailing ListThird Party Advisory
- www.debian.org/security/2014/dsa-3081nvdThird Party Advisory
- www.ocert.org/advisories/ocert-2014-007.htmlnvdThird Party AdvisoryUS Government Resource
- www.openwall.com/lists/oss-security/2014/09/25/11nvdMailing ListThird Party Advisory
- www.securityfocus.com/bid/70096nvdThird Party AdvisoryVDB Entry
- lists.opensuse.org/opensuse-updates/2015-12/msg00022.htmlnvd
- secunia.com/advisories/61506nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/96187nvd
- lists.debian.org/debian-lts-announce/2019/10/msg00042.htmlnvd
- security.gentoo.org/glsa/201507-07nvd
- usn.ubuntu.com/4587-1/nvd
News mentions
0No linked articles in our index yet.