Search for packages
Package details: pkg:deb/ubuntu/krfb@4:4.13.3-0ubuntu1.1
purl pkg:deb/ubuntu/krfb@4:4.13.3-0ubuntu1.1
Next non-vulnerable version 4:4.13.97-0ubuntu2
Latest non-vulnerable version 4:4.13.97-0ubuntu2
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-72b4-1brz-aaaj
Aliases:
CVE-2014-4607
Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run.
4:4.13.97-0ubuntu2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (3)
Vulnerability Summary Aliases
VCID-1f7b-k679-aaah The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message. CVE-2014-6054
VCID-9v5m-a7zv-aaab The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc. CVE-2014-6053
VCID-a5c7-yy5f-aaan Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message. CVE-2014-6055

Date Actor Action Vulnerability Source VulnerableCode Version