csaf_redhat - rhsa-2015:0113

rhsa-2015:0113

Vulnerability from csaf_redhat

Published

2015-02-02 19:13

Modified

2024-11-22 08:39

Summary

Red Hat Security Advisory: libvncserver security update

Notes

Topic

Updated libvncserver packages that fix two security issues are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Details

LibVNCServer is a library that allows for easy creation of VNC server or client functionality. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way screen sizes were handled by LibVNCServer. A malicious VNC server could use this flaw to cause a client to crash or, potentially, execute arbitrary code in the client. (CVE-2014-6051) Two stack-based buffer overflow flaws were found in the way LibVNCServer handled file transfers. A remote attacker could use this flaw to crash the VNC server using a malicious VNC client. (CVE-2014-6055) Red Hat would like to thank oCERT for reporting these issues. oCERT acknowledges Nicolas Ruff as the original reporter. All libvncserver users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against libvncserver must be restarted for this update to take effect.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated libvncserver packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 6.5 Extended Update Support.\n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "LibVNCServer is a library that allows for easy creation of VNC server or\nclient functionality.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way screen sizes were handled by LibVNCServer. A malicious VNC\nserver could use this flaw to cause a client to crash or, potentially,\nexecute arbitrary code in the client. (CVE-2014-6051)\n\nTwo stack-based buffer overflow flaws were found in the way LibVNCServer\nhandled file transfers. A remote attacker could use this flaw to crash the\nVNC server using a malicious VNC client. (CVE-2014-6055)\n\nRed Hat would like to thank oCERT for reporting these issues. oCERT\nacknowledges Nicolas Ruff as the original reporter.\n\nAll libvncserver users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. All running\napplications linked against libvncserver must be restarted for this update\nto take effect.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2015:0113",
        "url": "https://access.redhat.com/errata/RHSA-2015:0113"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1144287",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144287"
      },
      {
        "category": "external",
        "summary": "1144293",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144293"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_0113.json"
      }
    ],
    "title": "Red Hat Security Advisory: libvncserver security update",
    "tracking": {
      "current_release_date": "2024-11-22T08:39:14+00:00",
      "generator": {
        "date": "2024-11-22T08:39:14+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2015:0113",
      "initial_release_date": "2015-02-02T19:13:42+00:00",
      "revision_history": [
        {
          "date": "2015-02-02T19:13:42+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2015-02-02T19:13:42+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T08:39:14+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server EUS (v. 6.5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server EUS (v. 6.5)",
                  "product_id": "6Server-6.5.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_eus:6.5::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Optional EUS (v. 6.5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Optional EUS (v. 6.5)",
                  "product_id": "6Server-optional-6.5.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_eus:6.5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.i686",
                "product": {
                  "name": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.i686",
                  "product_id": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvncserver-debuginfo@0.9.7-7.el6_5.1?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libvncserver-0:0.9.7-7.el6_5.1.i686",
                "product": {
                  "name": "libvncserver-0:0.9.7-7.el6_5.1.i686",
                  "product_id": "libvncserver-0:0.9.7-7.el6_5.1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvncserver@0.9.7-7.el6_5.1?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libvncserver-devel-0:0.9.7-7.el6_5.1.i686",
                "product": {
                  "name": "libvncserver-devel-0:0.9.7-7.el6_5.1.i686",
                  "product_id": "libvncserver-devel-0:0.9.7-7.el6_5.1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvncserver-devel@0.9.7-7.el6_5.1?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.x86_64",
                "product": {
                  "name": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.x86_64",
                  "product_id": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvncserver-debuginfo@0.9.7-7.el6_5.1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libvncserver-0:0.9.7-7.el6_5.1.x86_64",
                "product": {
                  "name": "libvncserver-0:0.9.7-7.el6_5.1.x86_64",
                  "product_id": "libvncserver-0:0.9.7-7.el6_5.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvncserver@0.9.7-7.el6_5.1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libvncserver-devel-0:0.9.7-7.el6_5.1.x86_64",
                "product": {
                  "name": "libvncserver-devel-0:0.9.7-7.el6_5.1.x86_64",
                  "product_id": "libvncserver-devel-0:0.9.7-7.el6_5.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvncserver-devel@0.9.7-7.el6_5.1?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390x",
                "product": {
                  "name": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390x",
                  "product_id": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvncserver-debuginfo@0.9.7-7.el6_5.1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libvncserver-0:0.9.7-7.el6_5.1.s390x",
                "product": {
                  "name": "libvncserver-0:0.9.7-7.el6_5.1.s390x",
                  "product_id": "libvncserver-0:0.9.7-7.el6_5.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvncserver@0.9.7-7.el6_5.1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libvncserver-devel-0:0.9.7-7.el6_5.1.s390x",
                "product": {
                  "name": "libvncserver-devel-0:0.9.7-7.el6_5.1.s390x",
                  "product_id": "libvncserver-devel-0:0.9.7-7.el6_5.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvncserver-devel@0.9.7-7.el6_5.1?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc64",
                "product": {
                  "name": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc64",
                  "product_id": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvncserver-debuginfo@0.9.7-7.el6_5.1?arch=ppc64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libvncserver-0:0.9.7-7.el6_5.1.ppc64",
                "product": {
                  "name": "libvncserver-0:0.9.7-7.el6_5.1.ppc64",
                  "product_id": "libvncserver-0:0.9.7-7.el6_5.1.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvncserver@0.9.7-7.el6_5.1?arch=ppc64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libvncserver-devel-0:0.9.7-7.el6_5.1.ppc64",
                "product": {
                  "name": "libvncserver-devel-0:0.9.7-7.el6_5.1.ppc64",
                  "product_id": "libvncserver-devel-0:0.9.7-7.el6_5.1.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvncserver-devel@0.9.7-7.el6_5.1?arch=ppc64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libvncserver-0:0.9.7-7.el6_5.1.src",
                "product": {
                  "name": "libvncserver-0:0.9.7-7.el6_5.1.src",
                  "product_id": "libvncserver-0:0.9.7-7.el6_5.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvncserver@0.9.7-7.el6_5.1?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libvncserver-devel-0:0.9.7-7.el6_5.1.s390",
                "product": {
                  "name": "libvncserver-devel-0:0.9.7-7.el6_5.1.s390",
                  "product_id": "libvncserver-devel-0:0.9.7-7.el6_5.1.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvncserver-devel@0.9.7-7.el6_5.1?arch=s390"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390",
                "product": {
                  "name": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390",
                  "product_id": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvncserver-debuginfo@0.9.7-7.el6_5.1?arch=s390"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libvncserver-0:0.9.7-7.el6_5.1.s390",
                "product": {
                  "name": "libvncserver-0:0.9.7-7.el6_5.1.s390",
                  "product_id": "libvncserver-0:0.9.7-7.el6_5.1.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvncserver@0.9.7-7.el6_5.1?arch=s390"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libvncserver-devel-0:0.9.7-7.el6_5.1.ppc",
                "product": {
                  "name": "libvncserver-devel-0:0.9.7-7.el6_5.1.ppc",
                  "product_id": "libvncserver-devel-0:0.9.7-7.el6_5.1.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvncserver-devel@0.9.7-7.el6_5.1?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc",
                "product": {
                  "name": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc",
                  "product_id": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvncserver-debuginfo@0.9.7-7.el6_5.1?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libvncserver-0:0.9.7-7.el6_5.1.ppc",
                "product": {
                  "name": "libvncserver-0:0.9.7-7.el6_5.1.ppc",
                  "product_id": "libvncserver-0:0.9.7-7.el6_5.1.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libvncserver@0.9.7-7.el6_5.1?arch=ppc"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-0:0.9.7-7.el6_5.1.i686 as a component of Red Hat Enterprise Linux Server EUS (v. 6.5)",
          "product_id": "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.i686"
        },
        "product_reference": "libvncserver-0:0.9.7-7.el6_5.1.i686",
        "relates_to_product_reference": "6Server-6.5.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-0:0.9.7-7.el6_5.1.ppc as a component of Red Hat Enterprise Linux Server EUS (v. 6.5)",
          "product_id": "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.ppc"
        },
        "product_reference": "libvncserver-0:0.9.7-7.el6_5.1.ppc",
        "relates_to_product_reference": "6Server-6.5.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-0:0.9.7-7.el6_5.1.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.5)",
          "product_id": "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.ppc64"
        },
        "product_reference": "libvncserver-0:0.9.7-7.el6_5.1.ppc64",
        "relates_to_product_reference": "6Server-6.5.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-0:0.9.7-7.el6_5.1.s390 as a component of Red Hat Enterprise Linux Server EUS (v. 6.5)",
          "product_id": "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.s390"
        },
        "product_reference": "libvncserver-0:0.9.7-7.el6_5.1.s390",
        "relates_to_product_reference": "6Server-6.5.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-0:0.9.7-7.el6_5.1.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 6.5)",
          "product_id": "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.s390x"
        },
        "product_reference": "libvncserver-0:0.9.7-7.el6_5.1.s390x",
        "relates_to_product_reference": "6Server-6.5.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-0:0.9.7-7.el6_5.1.src as a component of Red Hat Enterprise Linux Server EUS (v. 6.5)",
          "product_id": "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.src"
        },
        "product_reference": "libvncserver-0:0.9.7-7.el6_5.1.src",
        "relates_to_product_reference": "6Server-6.5.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-0:0.9.7-7.el6_5.1.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.5)",
          "product_id": "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.x86_64"
        },
        "product_reference": "libvncserver-0:0.9.7-7.el6_5.1.x86_64",
        "relates_to_product_reference": "6Server-6.5.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.i686 as a component of Red Hat Enterprise Linux Server EUS (v. 6.5)",
          "product_id": "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.i686"
        },
        "product_reference": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.i686",
        "relates_to_product_reference": "6Server-6.5.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc as a component of Red Hat Enterprise Linux Server EUS (v. 6.5)",
          "product_id": "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc"
        },
        "product_reference": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc",
        "relates_to_product_reference": "6Server-6.5.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.5)",
          "product_id": "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc64"
        },
        "product_reference": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc64",
        "relates_to_product_reference": "6Server-6.5.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390 as a component of Red Hat Enterprise Linux Server EUS (v. 6.5)",
          "product_id": "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390"
        },
        "product_reference": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390",
        "relates_to_product_reference": "6Server-6.5.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 6.5)",
          "product_id": "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390x"
        },
        "product_reference": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390x",
        "relates_to_product_reference": "6Server-6.5.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.5)",
          "product_id": "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.x86_64"
        },
        "product_reference": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.x86_64",
        "relates_to_product_reference": "6Server-6.5.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-devel-0:0.9.7-7.el6_5.1.i686 as a component of Red Hat Enterprise Linux Server EUS (v. 6.5)",
          "product_id": "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.i686"
        },
        "product_reference": "libvncserver-devel-0:0.9.7-7.el6_5.1.i686",
        "relates_to_product_reference": "6Server-6.5.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-devel-0:0.9.7-7.el6_5.1.ppc as a component of Red Hat Enterprise Linux Server EUS (v. 6.5)",
          "product_id": "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.ppc"
        },
        "product_reference": "libvncserver-devel-0:0.9.7-7.el6_5.1.ppc",
        "relates_to_product_reference": "6Server-6.5.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-devel-0:0.9.7-7.el6_5.1.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.5)",
          "product_id": "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.ppc64"
        },
        "product_reference": "libvncserver-devel-0:0.9.7-7.el6_5.1.ppc64",
        "relates_to_product_reference": "6Server-6.5.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-devel-0:0.9.7-7.el6_5.1.s390 as a component of Red Hat Enterprise Linux Server EUS (v. 6.5)",
          "product_id": "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.s390"
        },
        "product_reference": "libvncserver-devel-0:0.9.7-7.el6_5.1.s390",
        "relates_to_product_reference": "6Server-6.5.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-devel-0:0.9.7-7.el6_5.1.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 6.5)",
          "product_id": "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.s390x"
        },
        "product_reference": "libvncserver-devel-0:0.9.7-7.el6_5.1.s390x",
        "relates_to_product_reference": "6Server-6.5.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-devel-0:0.9.7-7.el6_5.1.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.5)",
          "product_id": "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.x86_64"
        },
        "product_reference": "libvncserver-devel-0:0.9.7-7.el6_5.1.x86_64",
        "relates_to_product_reference": "6Server-6.5.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-0:0.9.7-7.el6_5.1.i686 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.5)",
          "product_id": "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.i686"
        },
        "product_reference": "libvncserver-0:0.9.7-7.el6_5.1.i686",
        "relates_to_product_reference": "6Server-optional-6.5.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-0:0.9.7-7.el6_5.1.ppc as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.5)",
          "product_id": "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.ppc"
        },
        "product_reference": "libvncserver-0:0.9.7-7.el6_5.1.ppc",
        "relates_to_product_reference": "6Server-optional-6.5.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-0:0.9.7-7.el6_5.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.5)",
          "product_id": "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.ppc64"
        },
        "product_reference": "libvncserver-0:0.9.7-7.el6_5.1.ppc64",
        "relates_to_product_reference": "6Server-optional-6.5.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-0:0.9.7-7.el6_5.1.s390 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.5)",
          "product_id": "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.s390"
        },
        "product_reference": "libvncserver-0:0.9.7-7.el6_5.1.s390",
        "relates_to_product_reference": "6Server-optional-6.5.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-0:0.9.7-7.el6_5.1.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.5)",
          "product_id": "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.s390x"
        },
        "product_reference": "libvncserver-0:0.9.7-7.el6_5.1.s390x",
        "relates_to_product_reference": "6Server-optional-6.5.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-0:0.9.7-7.el6_5.1.src as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.5)",
          "product_id": "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.src"
        },
        "product_reference": "libvncserver-0:0.9.7-7.el6_5.1.src",
        "relates_to_product_reference": "6Server-optional-6.5.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-0:0.9.7-7.el6_5.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.5)",
          "product_id": "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.x86_64"
        },
        "product_reference": "libvncserver-0:0.9.7-7.el6_5.1.x86_64",
        "relates_to_product_reference": "6Server-optional-6.5.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.i686 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.5)",
          "product_id": "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.i686"
        },
        "product_reference": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.i686",
        "relates_to_product_reference": "6Server-optional-6.5.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.5)",
          "product_id": "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc"
        },
        "product_reference": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc",
        "relates_to_product_reference": "6Server-optional-6.5.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.5)",
          "product_id": "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc64"
        },
        "product_reference": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc64",
        "relates_to_product_reference": "6Server-optional-6.5.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.5)",
          "product_id": "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390"
        },
        "product_reference": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390",
        "relates_to_product_reference": "6Server-optional-6.5.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.5)",
          "product_id": "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390x"
        },
        "product_reference": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390x",
        "relates_to_product_reference": "6Server-optional-6.5.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.5)",
          "product_id": "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.x86_64"
        },
        "product_reference": "libvncserver-debuginfo-0:0.9.7-7.el6_5.1.x86_64",
        "relates_to_product_reference": "6Server-optional-6.5.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-devel-0:0.9.7-7.el6_5.1.i686 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.5)",
          "product_id": "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.i686"
        },
        "product_reference": "libvncserver-devel-0:0.9.7-7.el6_5.1.i686",
        "relates_to_product_reference": "6Server-optional-6.5.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-devel-0:0.9.7-7.el6_5.1.ppc as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.5)",
          "product_id": "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.ppc"
        },
        "product_reference": "libvncserver-devel-0:0.9.7-7.el6_5.1.ppc",
        "relates_to_product_reference": "6Server-optional-6.5.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-devel-0:0.9.7-7.el6_5.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.5)",
          "product_id": "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.ppc64"
        },
        "product_reference": "libvncserver-devel-0:0.9.7-7.el6_5.1.ppc64",
        "relates_to_product_reference": "6Server-optional-6.5.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-devel-0:0.9.7-7.el6_5.1.s390 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.5)",
          "product_id": "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.s390"
        },
        "product_reference": "libvncserver-devel-0:0.9.7-7.el6_5.1.s390",
        "relates_to_product_reference": "6Server-optional-6.5.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-devel-0:0.9.7-7.el6_5.1.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.5)",
          "product_id": "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.s390x"
        },
        "product_reference": "libvncserver-devel-0:0.9.7-7.el6_5.1.s390x",
        "relates_to_product_reference": "6Server-optional-6.5.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvncserver-devel-0:0.9.7-7.el6_5.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 6.5)",
          "product_id": "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.x86_64"
        },
        "product_reference": "libvncserver-devel-0:0.9.7-7.el6_5.1.x86_64",
        "relates_to_product_reference": "6Server-optional-6.5.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "oCERT"
          ]
        }
      ],
      "cve": "CVE-2014-6051",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "discovery_date": "2014-09-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1144287"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way screen sizes were handled by LibVNCServer. A malicious VNC server could use this flaw to cause a client to crash or, potentially, execute arbitrary code in the client.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libvncserver: integer overflow flaw, leading to a heap-based buffer overflow in screen size handling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.i686",
          "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.ppc",
          "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.ppc64",
          "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.s390",
          "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.s390x",
          "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.src",
          "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.x86_64",
          "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.i686",
          "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc",
          "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc64",
          "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390",
          "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390x",
          "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.x86_64",
          "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.i686",
          "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.ppc",
          "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.ppc64",
          "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.s390",
          "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.s390x",
          "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.x86_64",
          "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.i686",
          "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.ppc",
          "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.ppc64",
          "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.s390",
          "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.s390x",
          "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.src",
          "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.x86_64",
          "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.i686",
          "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc",
          "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc64",
          "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390",
          "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390x",
          "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.x86_64",
          "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.i686",
          "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.ppc",
          "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.ppc64",
          "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.s390",
          "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.s390x",
          "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-6051"
        },
        {
          "category": "external",
          "summary": "RHBZ#1144287",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144287"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-6051",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-6051"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-6051",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6051"
        }
      ],
      "release_date": "2014-09-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2015-02-02T19:13:42+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.i686",
            "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.ppc",
            "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.ppc64",
            "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.s390",
            "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.s390x",
            "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.src",
            "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.x86_64",
            "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.i686",
            "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc",
            "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc64",
            "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390",
            "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390x",
            "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.x86_64",
            "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.i686",
            "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.ppc",
            "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.ppc64",
            "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.s390",
            "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.s390x",
            "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.x86_64",
            "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.i686",
            "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.ppc",
            "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.ppc64",
            "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.s390",
            "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.s390x",
            "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.src",
            "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.x86_64",
            "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.i686",
            "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc",
            "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc64",
            "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390",
            "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390x",
            "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.x86_64",
            "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.i686",
            "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.ppc",
            "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.ppc64",
            "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.s390",
            "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.s390x",
            "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:0113"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.i686",
            "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.ppc",
            "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.ppc64",
            "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.s390",
            "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.s390x",
            "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.src",
            "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.x86_64",
            "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.i686",
            "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc",
            "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc64",
            "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390",
            "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390x",
            "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.x86_64",
            "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.i686",
            "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.ppc",
            "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.ppc64",
            "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.s390",
            "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.s390x",
            "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.x86_64",
            "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.i686",
            "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.ppc",
            "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.ppc64",
            "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.s390",
            "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.s390x",
            "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.src",
            "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.x86_64",
            "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.i686",
            "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc",
            "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc64",
            "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390",
            "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390x",
            "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.x86_64",
            "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.i686",
            "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.ppc",
            "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.ppc64",
            "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.s390",
            "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.s390x",
            "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "libvncserver: integer overflow flaw, leading to a heap-based buffer overflow in screen size handling"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "oCERT"
          ]
        }
      ],
      "cve": "CVE-2014-6055",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "discovery_date": "2014-09-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1144293"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Two stack-based buffer overflow flaws were found in the way LibVNCServer handled file transfers. A remote attacker could use this flaw to crash the VNC server using a malicious VNC client.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libvncserver: server stacked-based buffer overflow flaws in file transfer handling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.i686",
          "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.ppc",
          "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.ppc64",
          "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.s390",
          "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.s390x",
          "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.src",
          "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.x86_64",
          "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.i686",
          "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc",
          "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc64",
          "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390",
          "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390x",
          "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.x86_64",
          "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.i686",
          "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.ppc",
          "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.ppc64",
          "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.s390",
          "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.s390x",
          "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.x86_64",
          "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.i686",
          "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.ppc",
          "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.ppc64",
          "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.s390",
          "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.s390x",
          "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.src",
          "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.x86_64",
          "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.i686",
          "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc",
          "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc64",
          "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390",
          "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390x",
          "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.x86_64",
          "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.i686",
          "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.ppc",
          "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.ppc64",
          "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.s390",
          "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.s390x",
          "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-6055"
        },
        {
          "category": "external",
          "summary": "RHBZ#1144293",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144293"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-6055",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-6055"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-6055",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6055"
        }
      ],
      "release_date": "2014-09-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2015-02-02T19:13:42+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.i686",
            "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.ppc",
            "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.ppc64",
            "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.s390",
            "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.s390x",
            "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.src",
            "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.x86_64",
            "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.i686",
            "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc",
            "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc64",
            "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390",
            "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390x",
            "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.x86_64",
            "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.i686",
            "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.ppc",
            "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.ppc64",
            "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.s390",
            "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.s390x",
            "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.x86_64",
            "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.i686",
            "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.ppc",
            "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.ppc64",
            "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.s390",
            "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.s390x",
            "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.src",
            "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.x86_64",
            "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.i686",
            "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc",
            "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc64",
            "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390",
            "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390x",
            "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.x86_64",
            "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.i686",
            "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.ppc",
            "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.ppc64",
            "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.s390",
            "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.s390x",
            "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:0113"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.i686",
            "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.ppc",
            "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.ppc64",
            "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.s390",
            "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.s390x",
            "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.src",
            "6Server-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.x86_64",
            "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.i686",
            "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc",
            "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc64",
            "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390",
            "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390x",
            "6Server-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.x86_64",
            "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.i686",
            "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.ppc",
            "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.ppc64",
            "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.s390",
            "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.s390x",
            "6Server-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.x86_64",
            "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.i686",
            "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.ppc",
            "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.ppc64",
            "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.s390",
            "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.s390x",
            "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.src",
            "6Server-optional-6.5.EUS:libvncserver-0:0.9.7-7.el6_5.1.x86_64",
            "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.i686",
            "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc",
            "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.ppc64",
            "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390",
            "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.s390x",
            "6Server-optional-6.5.EUS:libvncserver-debuginfo-0:0.9.7-7.el6_5.1.x86_64",
            "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.i686",
            "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.ppc",
            "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.ppc64",
            "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.s390",
            "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.s390x",
            "6Server-optional-6.5.EUS:libvncserver-devel-0:0.9.7-7.el6_5.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "libvncserver: server stacked-based buffer overflow flaws in file transfer handling"
    }
  ]
}

cve-2014-6051

Vulnerability from cvelistv5

Published

2014-09-30 16:00

Modified

2024-08-06 12:03

Severity ?

Summary

Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.

References

▼	URL	Tags
	http://www.ocert.org/advisories/ocert-2014-007.html	x_refsource_MISC
	https://security.gentoo.org/glsa/201612-36	vendor-advisory, x_refsource_GENTOO
	http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html	vendor-advisory, x_refsource_SUSE
	https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273	x_refsource_CONFIRM
	http://secunia.com/advisories/61506	third-party-advisory, x_refsource_SECUNIA
	https://www.kde.org/info/security/advisory-20140923-1.txt	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2015-0113.html	vendor-advisory, x_refsource_REDHAT
	http://www.openwall.com/lists/oss-security/2014/09/25/11	mailing-list, x_refsource_MLIST
	http://seclists.org/oss-sec/2014/q3/639	mailing-list, x_refsource_MLIST
	https://security.gentoo.org/glsa/201507-07	vendor-advisory, x_refsource_GENTOO
	http://www.securityfocus.com/bid/70093	vdb-entry, x_refsource_BID
	http://www.debian.org/security/2014/dsa-3081	vendor-advisory, x_refsource_DEBIAN
	http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html	vendor-advisory, x_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html	vendor-advisory, x_refsource_FEDORA
	http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/4587-1/	vendor-advisory, x_refsource_UBUNTU

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T12:03:02.339Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ocert.org/advisories/ocert-2014-007.html"
          },
          {
            "name": "GLSA-201612-36",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-36"
          },
          {
            "name": "openSUSE-SU-2015:2207",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273"
          },
          {
            "name": "61506",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61506"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.kde.org/info/security/advisory-20140923-1.txt"
          },
          {
            "name": "RHSA-2015:0113",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0113.html"
          },
          {
            "name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
          },
          {
            "name": "[oss-security] 20140923 Multiple issues in libVNCserver",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2014/q3/639"
          },
          {
            "name": "GLSA-201507-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201507-07"
          },
          {
            "name": "70093",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/70093"
          },
          {
            "name": "DSA-3081",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3081"
          },
          {
            "name": "FEDORA-2014-11537",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html"
          },
          {
            "name": "FEDORA-2014-11685",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
          },
          {
            "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
          },
          {
            "name": "USN-4587-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4587-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-09-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-23T12:06:24",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ocert.org/advisories/ocert-2014-007.html"
        },
        {
          "name": "GLSA-201612-36",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201612-36"
        },
        {
          "name": "openSUSE-SU-2015:2207",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273"
        },
        {
          "name": "61506",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61506"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.kde.org/info/security/advisory-20140923-1.txt"
        },
        {
          "name": "RHSA-2015:0113",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0113.html"
        },
        {
          "name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
        },
        {
          "name": "[oss-security] 20140923 Multiple issues in libVNCserver",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2014/q3/639"
        },
        {
          "name": "GLSA-201507-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201507-07"
        },
        {
          "name": "70093",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/70093"
        },
        {
          "name": "DSA-3081",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3081"
        },
        {
          "name": "FEDORA-2014-11537",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html"
        },
        {
          "name": "FEDORA-2014-11685",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
        },
        {
          "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
        },
        {
          "name": "USN-4587-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4587-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-6051",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ocert.org/advisories/ocert-2014-007.html",
              "refsource": "MISC",
              "url": "http://www.ocert.org/advisories/ocert-2014-007.html"
            },
            {
              "name": "GLSA-201612-36",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201612-36"
            },
            {
              "name": "openSUSE-SU-2015:2207",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
            },
            {
              "name": "https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273",
              "refsource": "CONFIRM",
              "url": "https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273"
            },
            {
              "name": "61506",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61506"
            },
            {
              "name": "https://www.kde.org/info/security/advisory-20140923-1.txt",
              "refsource": "CONFIRM",
              "url": "https://www.kde.org/info/security/advisory-20140923-1.txt"
            },
            {
              "name": "RHSA-2015:0113",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0113.html"
            },
            {
              "name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
            },
            {
              "name": "[oss-security] 20140923 Multiple issues in libVNCserver",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2014/q3/639"
            },
            {
              "name": "GLSA-201507-07",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201507-07"
            },
            {
              "name": "70093",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/70093"
            },
            {
              "name": "DSA-3081",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-3081"
            },
            {
              "name": "FEDORA-2014-11537",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html"
            },
            {
              "name": "FEDORA-2014-11685",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
            },
            {
              "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
            },
            {
              "name": "USN-4587-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4587-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-6051",
    "datePublished": "2014-09-30T16:00:00",
    "dateReserved": "2014-09-01T00:00:00",
    "dateUpdated": "2024-08-06T12:03:02.339Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-6055

Vulnerability from cvelistv5

Published

2014-09-30 16:00

Modified

2024-08-06 12:03

Severity ?

Summary

Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.

References

▼	URL	Tags
	http://www.ocert.org/advisories/ocert-2014-007.html	x_refsource_MISC
	http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html	vendor-advisory, x_refsource_SUSE
	http://secunia.com/advisories/61506	third-party-advisory, x_refsource_SECUNIA
	https://www.kde.org/info/security/advisory-20140923-1.txt	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2015-0113.html	vendor-advisory, x_refsource_REDHAT
	https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2014/09/25/11	mailing-list, x_refsource_MLIST
	http://seclists.org/oss-sec/2014/q3/639	mailing-list, x_refsource_MLIST
	https://security.gentoo.org/glsa/201507-07	vendor-advisory, x_refsource_GENTOO
	http://www.securityfocus.com/bid/70096	vdb-entry, x_refsource_BID
	http://www.debian.org/security/2014/dsa-3081	vendor-advisory, x_refsource_DEBIAN
	https://exchange.xforce.ibmcloud.com/vulnerabilities/96187	vdb-entry, x_refsource_XF
	http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html	vendor-advisory, x_refsource_FEDORA
	https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html	vendor-advisory, x_refsource_FEDORA
	https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/4587-1/	vendor-advisory, x_refsource_UBUNTU

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T12:03:02.304Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ocert.org/advisories/ocert-2014-007.html"
          },
          {
            "name": "openSUSE-SU-2015:2207",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
          },
          {
            "name": "61506",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61506"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.kde.org/info/security/advisory-20140923-1.txt"
          },
          {
            "name": "RHSA-2015:0113",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0113.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677"
          },
          {
            "name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
          },
          {
            "name": "[oss-security] 20140923 Multiple issues in libVNCserver",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2014/q3/639"
          },
          {
            "name": "GLSA-201507-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201507-07"
          },
          {
            "name": "70096",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/70096"
          },
          {
            "name": "DSA-3081",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3081"
          },
          {
            "name": "libvncserver-cve20146055-bo(96187)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96187"
          },
          {
            "name": "FEDORA-2014-11537",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e"
          },
          {
            "name": "FEDORA-2014-11685",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html"
          },
          {
            "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
          },
          {
            "name": "USN-4587-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4587-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-09-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-23T12:06:30",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ocert.org/advisories/ocert-2014-007.html"
        },
        {
          "name": "openSUSE-SU-2015:2207",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
        },
        {
          "name": "61506",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61506"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.kde.org/info/security/advisory-20140923-1.txt"
        },
        {
          "name": "RHSA-2015:0113",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0113.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677"
        },
        {
          "name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
        },
        {
          "name": "[oss-security] 20140923 Multiple issues in libVNCserver",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2014/q3/639"
        },
        {
          "name": "GLSA-201507-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201507-07"
        },
        {
          "name": "70096",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/70096"
        },
        {
          "name": "DSA-3081",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3081"
        },
        {
          "name": "libvncserver-cve20146055-bo(96187)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96187"
        },
        {
          "name": "FEDORA-2014-11537",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e"
        },
        {
          "name": "FEDORA-2014-11685",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html"
        },
        {
          "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
        },
        {
          "name": "USN-4587-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4587-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-6055",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ocert.org/advisories/ocert-2014-007.html",
              "refsource": "MISC",
              "url": "http://www.ocert.org/advisories/ocert-2014-007.html"
            },
            {
              "name": "openSUSE-SU-2015:2207",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html"
            },
            {
              "name": "61506",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61506"
            },
            {
              "name": "https://www.kde.org/info/security/advisory-20140923-1.txt",
              "refsource": "CONFIRM",
              "url": "https://www.kde.org/info/security/advisory-20140923-1.txt"
            },
            {
              "name": "RHSA-2015:0113",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0113.html"
            },
            {
              "name": "https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677",
              "refsource": "CONFIRM",
              "url": "https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677"
            },
            {
              "name": "[oss-security] 20140925 [oCERT-2014-007] libvncserver multiple issues",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2014/09/25/11"
            },
            {
              "name": "[oss-security] 20140923 Multiple issues in libVNCserver",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2014/q3/639"
            },
            {
              "name": "GLSA-201507-07",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201507-07"
            },
            {
              "name": "70096",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/70096"
            },
            {
              "name": "DSA-3081",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-3081"
            },
            {
              "name": "libvncserver-cve20146055-bo(96187)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96187"
            },
            {
              "name": "FEDORA-2014-11537",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html"
            },
            {
              "name": "https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e",
              "refsource": "CONFIRM",
              "url": "https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e"
            },
            {
              "name": "FEDORA-2014-11685",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html"
            },
            {
              "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
            },
            {
              "name": "USN-4587-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4587-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-6055",
    "datePublished": "2014-09-30T16:00:00",
    "dateReserved": "2014-09-01T00:00:00",
    "dateUpdated": "2024-08-06T12:03:02.304Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

rhsa-2015:0113

Vulnerability from csaf_redhat

cve-2014-6051

Vulnerability from cvelistv5

cve-2014-6055

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature