CVE-2014-6055

Publication date 24 September 2014

Last updated 26 May 2025

Ubuntu priority

Description

Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
krfb	14.04 LTS trusty	Fixed 4:4.13.3-0ubuntu1.1
	12.04 LTS precise	Not in release
	10.04 LTS lucid	Not in release
libvncserver	14.04 LTS trusty	Fixed 0.9.9+dfsg-1ubuntu1.1
	12.04 LTS precise	Fixed 0.9.8.2-2ubuntu1.1
	10.04 LTS lucid	Ignored end of life
italc	20.04 LTS focal	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Fixed 1:2.0.2+dfsg1-4ubuntu0.1
	14.04 LTS trusty	Not in release

Notes

mdeslaur

fix may break ABI

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
krfb	Upstream: http://quickgit.kde.org/?p=krfb.git&a=commit&h=2e211579455fd832fb21322482c005b6a85aa1bf Upstream: http://quickgit.kde.org/?p=krfb.git&a=commit&h=857c2b411ed806ef806116407612a2d2a40fab9c
libvncserver	Upstream: 06ccdf0 Upstream: f528072 Upstream: 256964b

CVE-2014-6055

Description

Status

Notes

mdeslaur

Patch details

References

Related Ubuntu Security Notices (USN)

Other references