CVE-2014-6051
30.09.2014, 16:55
Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.Enginsight
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server_aus | 6.5 |
| redhat | enterprise_linux_server_eus | 6.5.z:z |
| libvncserver | libvncserver | 𝑥 ≤ 0.9.9 |
| debian | debian_linux | 7.0 |
| oracle | solaris | 11.3 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References