{ "schema_version": "1.4.0", "id": "GHSA-fcxc-59xc-c54c", "modified": "2025-04-12T12:43:03Z", "published": "2022-05-13T01:14:20Z", "aliases": [ "CVE-2014-6053" ], "details": "The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.", "severity": [], "affected": [], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6053" }, { "type": "WEB", "url": "https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/201507-07" }, { "type": "WEB", "url": "https://usn.ubuntu.com/4573-1" }, { "type": "WEB", "url": "https://usn.ubuntu.com/4587-1" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html" }, { "type": "WEB", "url": "http://seclists.org/oss-sec/2014/q3/639" }, { "type": "WEB", "url": "http://secunia.com/advisories/61506" }, { "type": "WEB", "url": "http://secunia.com/advisories/61682" }, { "type": "WEB", "url": "http://ubuntu.com/usn/usn-2365-1" }, { "type": "WEB", "url": "http://www.debian.org/security/2014/dsa-3081" }, { "type": "WEB", "url": "http://www.ocert.org/advisories/ocert-2014-007.html" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2014/09/25/11" } ], "database_specific": { "cwe_ids": [], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2014-12-15T18:59:00Z" } }