CVE-2014-6053

Description

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.

Affected packages (5)

• Debian/libvncserverfrom 0, < 0.9.9+dfsg-6.1
• Debian/tightvncfrom 0, < 1:1.3.9-9.1
• Debian/tightvncfrom 0, < 1.3.9-6.5+deb8u1
• Debian/vinofrom 0, < 3.22.0-6
• Debian/vinofrom 0, < 3.14.0-2+deb8u1

References (1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-6053