CVE-2014-6054

Publication date 24 September 2014

Last updated 24 July 2024

Ubuntu priority

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
italc	20.04 LTS focal	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Fixed 1:2.0.2+dfsg1-4ubuntu0.1
	14.04 LTS trusty	Not in release
krfb	14.04 LTS trusty	Fixed 4:4.13.3-0ubuntu1.1
	12.04 LTS precise	Not in release
	10.04 LTS lucid	Not in release
libvncserver	14.04 LTS trusty	Fixed 0.9.9+dfsg-1ubuntu1.1
	12.04 LTS precise	Fixed 0.9.8.2-2ubuntu1.1
	10.04 LTS lucid	Ignored end of life

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
krfb	Upstream: http://quickgit.kde.org/?p=krfb.git&a=commit&h=126a746dd7bee35840083e9bec7a52935a010346
libvncserver	Upstream: 05a9bd4 Upstream: f18f24c Upstream: 5dee1cb Upstream: 819481c Upstream: e5d9b6a

CVE-2014-6054

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references