CVE-2019-15692Heap-based Buffer Overflow in Tigervnc

CWE-122Heap-based Buffer OverflowCWE-787Out-of-bounds Write7 documents6 sources
Severity
7.2HIGHNVD
EPSS
5.0%
top 10.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
TigervncDebian TigervncKaspersky Tigervnc+1 more
Timeline
PublishedDec 26
Latest updateMay 24

Description

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages5 packages

debiandebian/tigervnc< tigervnc 1.10.1+dfsg-1 (bookworm)
NVDtigervnc/tigervnc< 1.10.1
Debiantigervnc/tigervnc< 1.10.1+dfsg-1+3
CVEListV5kaspersky/tigervnc1.10.0
NVDopensuse/leap15.1

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-hc53-6v72-2h55: TigerVNC version prior to 12022-05-24
OSV
CVE-2019-15692: TigerVNC version prior to 12019-12-26

📋Vendor Advisories

2
Red Hat
tigervnc: Heap buffer overflow triggered from CopyRectDecoder due to incorrect value checks2019-09-10
Debian
CVE-2019-15692: tigervnc - TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerab...2019

💬Community

2
Bugzilla
CVE-2019-15692 tigervnc: Heap buffer overflow triggered from CopyRectDecoder due to incorrect value checks2020-01-09
Bugzilla
CVE-2019-15692 tigervnc: heap-based buffer overflow triggered from CopyRectDecoder due to incorrect value checks [fedora-all]2020-01-09
CVE-2019-15692 — Heap-based Buffer Overflow in Tigervnc | cvebase