CVE-2019-15680 — NULL Pointer Dereference in Tightvnc

CWE-476 — NULL Pointer Dereference7 documents6 sources

Severity

7.5HIGHNVD

OSV9.8

EPSS

0.7%

top 28.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tightvnc Libvncserver Project Libvncserver Debian Libvncserver +2 more

Timeline

PublishedOct 29

Latest updateMay 24

Description

TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

▶debiandebian/tightvnc< tightvnc 1:1.3.9-9.1 (bookworm)

▶Debiantightvnc/tightvnc< 1:1.3.9-9.1+3

▶NVDtightvnc/tightvnc1.3.10

▶CVEListV5kaspersky/tightvnc1.3.10

▶debiandebian/libvncserver< tightvnc 1:1.3.9-9.1 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-7734-vjrv-hjxq: TightVNC code version 1↗2022-05-24

▶

OSV

libvncserver vulnerabilities↗2020-07-01

▶

OSV

CVE-2019-15680: TightVNC code version 1↗2019-10-29

▶

📋Vendor Advisories

CISA ICS

Siemens Products using TightVNC (Update A)↗2020-12-08

▶

Ubuntu

LibVNCServer vulnerabilities↗2020-07-01

▶

Debian

CVE-2019-15680: libvncserver - TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP ...↗2019

▶