Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

Vulnerability IntelligenceCVE-2014-6054

CVE-2014-6054

UNKNOWN

The rfbProcessClientNormalMessage function in libvncserver/rfbserver

Published Oct 6, 2014

Modified 1 years ago

Details

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.

References

http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html

http://seclists.org/oss-sec/2014/q3/639

http://secunia.com/advisories/61506

http://secunia.com/advisories/61682

http://www.debian.org/security/2014/dsa-3081

http://www.ocert.org/advisories/ocert-2014-007.html

http://www.openwall.com/lists/oss-security/2014/09/25/11

http://www.securityfocus.com/bid/70094

http://www.ubuntu.com/usn/USN-2365-1

https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446

https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html

https://security.gentoo.org/glsa/201507-07

https://usn.ubuntu.com/4587-1/

https://www.cve.org/CVERecord?id=CVE-2014-6054

CVSS Analysis

CVSS v2.0

4.3

Exploitability

Access Vector

NetworkAV:N

Access Complexity

MediumAC:M

Authentication

NoneAu:N

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

PartialA:P

4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P

Ecosystems

Timeline

PublishedOct 6, 2014

ModifiedAug 6, 2024

CVE-2014-6054 | Mondoo Vulnerability Intelligence