CVE-2014-6054
EPSS 37.7%
Description
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.
How to fix CVE-2014-6054
To remediate CVE-2014-6054, upgrade the affected package to a fixed version below.
- Debian/libvncserver—upgrade to 0.9.9+dfsg-6.1 or later
Is CVE-2014-6054 being exploited?
Moderate — EPSS is 37.7%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 0.9.9+dfsg-6.1