CVE-2019-15691Expired Pointer Dereference in Tigervnc

CWE-825Expired Pointer DereferenceCWE-672Operation on a Resource after Expiration or Release8 documents6 sources
Severity
7.2HIGHNVD
EPSS
3.7%
top 12.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
TigervncDebian TigervncKaspersky Tigervnc+1 more
Timeline
PublishedDec 26
Latest updateMay 24

Description

TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been already freed during the process of stack unwinding. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages5 packages

debiandebian/tigervnc< tigervnc 1.10.1+dfsg-1 (bookworm)
NVDtigervnc/tigervnc< 1.10.1
Debiantigervnc/tigervnc< 1.10.1+dfsg-1+3
CVEListV5kaspersky/tigervnc1.10.0
NVDopensuse/leap15.1

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-vmc8-ggh9-8p8j: TigerVNC version prior to 12022-05-24
OSV
CVE-2019-15691: TigerVNC version prior to 12019-12-26

📋Vendor Advisories

2
Red Hat
tigervnc: Stack use-after-return due to incorrect usage of stack memory in ZRLEDecoder2019-12-20
Debian
CVE-2019-15691: tigervnc - TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which ...2019

💬Community

3
Bugzilla
CVE-2019-15691 tigervnc: Stack use-after-return due to incorrect usage of stack memory in ZRLEDecoder2020-01-10
Bugzilla
CVE-2019-15691 tigervnc: stack use-after-return due to incorrect usage of stack memory in ZRLEDecoder [fedora-all]2020-01-10
Bugzilla
CVE-2017-15691 uima: XML external entity expansion (XXE) can allow attackers to execute arbitrary code2018-04-27
CVE-2019-15691 — Expired Pointer Dereference | cvebase