VDB
GCVE-110-MAGEIA-2014-397
GCVE-110-MAGEIA-2014-397
Advisory Published
Updated libvncserver and remmina packages fix security vulnerabilities:
A malicious VNC server can trigger incorrect memory management handling by
advertising a large screen size parameter to the VNC client. This would result
in multiple memory corruptions and could allow remote code execution on the
VNC client (CVE-2014-6051, CVE-2014-6052).
A malicious VNC client can trigger multiple DoS conditions on the VNC server
by advertising a large screen size, ClientCutText message length and/or a zero
scaling factor parameter (CVE-2014-6053, CVE-2014-6054).
A malicious VNC client can trigger multiple stack-based buffer overflows by
passing a long file and directory names and/or attributes (FileTime) when
using the file transfer message feature (CVE-2014-6055).
The remmina package had been built with a bundled copy of libvncserver. It
has been rebuilt against the system libvncserver library to resolve these
issues.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | libvncserver | 0 (affected), 0.9.9-2.2.mga3 (unaffected) | — |
| Mageia | libvncserver | 0 (affected), 0.9.9-3.2.mga4 (unaffected) | — |
| Mageia | remmina | 1.0.0-4.4.mga4 (unaffected), 0 (affected) | — |
| Mageia | remmina | 1.0.0-3.2.mga3 (unaffected), 0 (affected) | — |
References
Browse GCVE Records
72,580 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.