| Name | CVE-2014-6053 |
| Description | The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-197-1, DLA-1979-1, DLA-2014-1, DLA-2045-1, DSA-3081-1 |
| Debian Bugs | 762745, 945784 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| italc (PTS) | jessie, jessie (lts) | 1:2.0.2+dfsg1-2+deb8u1 | fixed |
| stretch | 1:3.0.3+dfsg1-1+deb9u1 | fixed | |
| libvncserver (PTS) | jessie, jessie (lts) | 0.9.9+dfsg2-6.1+deb8u8 | fixed |
| stretch (security) | 0.9.11+dfsg-1.3~deb9u6 | fixed | |
| stretch (lts), stretch | 0.9.11+dfsg-1.3~deb9u7 | fixed | |
| buster (security), buster, buster (lts) | 0.9.11+dfsg-1.3+deb10u5 | fixed | |
| bullseye | 0.9.13+dfsg-2+deb11u1 | fixed | |
| sid, trixie, bookworm | 0.9.14+dfsg-1 | fixed | |
| tightvnc (PTS) | jessie, jessie (lts) | 1.3.9-6.5+deb8u1 | fixed |
| stretch | 1:1.3.9-9+deb9u1 | fixed | |
| buster | 1:1.3.9-9+deb10u1 | fixed | |
| bullseye | 1:1.3.10-3 | fixed | |
| bookworm | 1:1.3.10-7 | fixed | |
| sid, trixie | 1:1.3.10-9 | fixed | |
| vino (PTS) | jessie, jessie (lts) | 3.14.0-2+deb8u1 | fixed |
| stretch | 3.22.0-1 | vulnerable | |
| buster | 3.22.0-5 | vulnerable | |
| sid, trixie, bullseye, bookworm | 3.22.0-6 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| italc | source | wheezy | (unfixed) | end-of-life | ||
| italc | source | jessie | 1:2.0.2+dfsg1-2+deb8u1 | DLA-1979-1 | ||
| italc | source | (unstable) | 1:3.0.1+dfsg1-1 | |||
| libvncserver | source | squeeze | 0.9.7-2+deb6u1 | DLA-197-1 | ||
| libvncserver | source | wheezy | 0.9.9+dfsg-1+deb7u1 | DSA-3081-1 | ||
| libvncserver | source | (unstable) | 0.9.9+dfsg-6.1 | 762745 | ||
| tightvnc | source | wheezy | (unfixed) | end-of-life | ||
| tightvnc | source | jessie | 1.3.9-6.5+deb8u1 | DLA-2045-1 | ||
| tightvnc | source | stretch | 1:1.3.9-9+deb9u1 | |||
| tightvnc | source | buster | 1:1.3.9-9deb10u1 | |||
| tightvnc | source | (unstable) | 1:1.3.9-9.1 | |||
| vino | source | wheezy | (unfixed) | end-of-life | ||
| vino | source | jessie | 3.14.0-2+deb8u1 | DLA-2014-1 | ||
| vino | source | (unstable) | 3.22.0-6 | 945784 |
[buster] - vino <no-dsa> (Minor issue)
[stretch] - vino <no-dsa> (Minor issue)
https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28