7.5

CVE-2014-6051

Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FedoraprojectFedora Version20
FedoraprojectFedora Version21
LibvncserverLibvncserver Version <= 0.9.9
DebianDebian Linux Version7.0
OracleSolaris Version11.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.61% 0.908
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
http://secunia.com/advisories/61506
Third Party Advisory
Permissions Required
http://www.ocert.org/advisories/ocert-2014-007.html
Patch
Third Party Advisory
US Government Resource