CVE-2019-15693 — Heap-based Buffer Overflow in Tigervnc

CWE-122 — Heap-based Buffer Overflow CWE-787 — Out-of-bounds Write7 documents6 sources

Severity

7.2HIGHNVD

EPSS

9.0%

top 7.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tigervnc Debian Tigervnc Kaspersky Tigervnc

Timeline

PublishedDec 26

Latest updateMay 24

Description

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/tigervnc< tigervnc 1.10.1+dfsg-1 (bookworm)

▶NVDtigervnc/tigervnc< 1.10.1

▶Debiantigervnc/tigervnc< 1.10.1+dfsg-1+3

▶CVEListV5kaspersky/tigervnc1.10.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-xv8c-xf4m-4698: TigerVNC version prior to 1↗2022-05-24

▶

OSV

CVE-2019-15693: TigerVNC version prior to 1↗2019-12-26

▶

📋Vendor Advisories

Red Hat

tigervnc: Heap buffer overflow in TightDecoder::FilterGradient↗2019-12-20

▶

Debian

CVE-2019-15693: tigervnc - TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which oc...↗2019

▶

💬Community

Bugzilla

CVE-2019-15693 tigervnc: Heap buffer overflow in TightDecoder::FilterGradient [fedora-all]↗2020-01-13

▶

Bugzilla

CVE-2019-15693 tigervnc: Heap buffer overflow in TightDecoder::FilterGradient↗2020-01-13

▶