Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.
Advisories
Source ID Title
Debian DLA Debian DLA DLA-197-1 libvncserver security update
Debian DLA Debian DLA DLA-1979-1 italc security update
Debian DSA Debian DSA DSA-3081-1 libvncserver security update
EUVD EUVD EUVD-2014-5939 Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.
Ubuntu USN Ubuntu USN USN-2365-1 LibVNCServer vulnerabilities
Ubuntu USN Ubuntu USN USN-4587-1 iTALC vulnerabilities
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Sun, 13 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.06776}

epss

{'score': 0.06605}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-06T12:03:02.339Z

Reserved: 2014-09-01T00:00:00

Link: CVE-2014-6051

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2014-09-30T16:55:07.010

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-6051

cve-icon Redhat

Severity : Moderate

Publid Date: 2014-09-23T00:00:00Z

Links: CVE-2014-6051 - Bugzilla

cve-icon OpenCVE Enrichment

No data.