CVE-2019-15695 — Stack-based Buffer Overflow in Tigervnc

CWE-121 — Stack-based Buffer Overflow CWE-754 — Improper Check for Unusual or Exceptional Conditions CWE-787 — Out-of-bounds Write7 documents6 sources

Severity

7.2HIGHNVD

EPSS

3.3%

top 12.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tigervnc Debian Tigervnc Kaspersky Tigervnc +1 more

Timeline

PublishedDec 26

Latest updateMay 24

Description

TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote attacker can choose offset from start of the buffer to start writing his values, exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages5 packages

▶debiandebian/tigervnc< tigervnc 1.10.1+dfsg-1 (bookworm)

▶NVDtigervnc/tigervnc< 1.10.1

▶Debiantigervnc/tigervnc< 1.10.1+dfsg-1+3

▶CVEListV5kaspersky/tigervnc1.10.0

▶NVDopensuse/leap15.1

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-25ff-c5j2-v9ch: TigerVNC version prior to 1↗2022-05-24

▶

OSV

CVE-2019-15695: TigerVNC version prior to 1↗2019-12-26

▶

📋Vendor Advisories

Red Hat

tigervnc: Stack buffer overflow in CMsgReader::readSetCursor↗2019-12-20

▶

Debian

CVE-2019-15695: tigervnc - TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which c...↗2019

▶

💬Community

Bugzilla

CVE-2019-15695 tigervnc: Stack buffer overflow in CMsgReader::readSetCursor [fedora-all]↗2020-01-16

▶

Bugzilla

CVE-2019-15695 tigervnc: Stack buffer overflow in CMsgReader::readSetCursor↗2020-01-13

▶