CVE-2019-15693 – tigervnc: Heap buffer overflow in TightDecoder::FilterGradient
https://notcve.org/view.php?id=CVE-2019-15693
TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity. TigerVNC versiones anteriores a 1.10.1, es vulnerable al desbordamiento de búfer de la pila, que se presenta en la función TightDecoder::FilterGradient. La explotación de esta vulnerabilidad podría resultar potencialmente en una ejecución de código remota. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html https://github.com/CendioOssman/tigervnc/commit/b4ada8d0c6dac98c8b91fc64d112569a8ae5fb95 https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1 https://www.openwall.com/lists/oss-security/2019/12/20/2 https://access.redhat.com/security/cve/CVE-2019-15693 https://bugzilla.redhat.com/show_bug.cgi?id=1790313 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2019-15692 – tigervnc: Heap buffer overflow triggered from CopyRectDecoder due to incorrect value checks
https://notcve.org/view.php?id=CVE-2019-15692
TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity. TigerVNC versiones anteriores a 1.10.1, es vulnerable al desbordamiento de búfer de la pila. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html https://github.com/CendioOssman/tigervnc/commit/996356b6c65ca165ee1ea46a571c32a1dc3c3821 https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1 https://www.openwall.com/lists/oss-security/2019/12/20/2 https://access.redhat.com/security/cve/CVE-2019-15692 https://bugzilla.redhat.com/show_bug.cgi?id=1789527 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2019-15691 – tigervnc: Stack use-after-return due to incorrect usage of stack memory in ZRLEDecoder
https://notcve.org/view.php?id=CVE-2019-15691
TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been already freed during the process of stack unwinding. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity. TigerVNC versiones anteriores a 1.10.1, es vulnerable al uso de la pila previo al retorno, que se presenta debido a un uso incorrecto de la memoria de pila en ZRLEDecoder. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html https://github.com/CendioOssman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40 https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1 https://www.openwall.com/lists/oss-security/2019/12/20/2 https://access.redhat.com/security/cve/CVE-2019-15691 https://bugzilla.redhat.com/show_bug.cgi?id=1789908 • CWE-672: Operation on a Resource after Expiration or Release CWE-825: Expired Pointer Dereference •
CVE-2016-10207 – tigervnc: VNC server can crash when TLS handshake terminates early
https://notcve.org/view.php?id=CVE-2016-10207
The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early. El servidor Xvnc en TigerVNC permite a atacantes remotos provocar una denegación de servicio (acceso a memoria no válida y caída) terminando un apretón de manos TLS temprano. A denial of service flaw was found in the TigerVNC's Xvnc server. A remote unauthenticated attacker could use this flaw to make Xvnc crash by terminating the TLS handshake process early. • http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00020.html http://rhn.redhat.com/errata/RHSA-2017-0630.html http://www.openwall.com/lists/oss-security/2017/02/02/22 http://www.openwall.com/lists/oss-security/2017/02/05/2 http://www.securityfocus.com/bid/96012 https://access.redhat.com/errata/RHSA-2017:2000 https://bugzilla.suse.com/show_bug.cgi?id=1023012 https://github.com/TigerVNC/tigervnc/commit/8aa4bc53206c2430bbf0c8f4b642f59a379ee649 https://security.gentoo.o • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-5581 – tigervnc: Buffer overflow in ModifiablePixelBuffer::fillRect
https://notcve.org/view.php?id=CVE-2017-5581
Buffer overflow in the ModifiablePixelBuffer::fillRect function in TigerVNC before 1.7.1 allows remote servers to execute arbitrary code via an RRE message with subrectangle outside framebuffer boundaries. Desbordamiento de búfer en la función ModifiablePixelBuffer::fillRect en TigerVNC en versiones anteriores a 1.7.1 permite a servidores remotos ejecutar código arbitrario a través de un mensaje RRE con un subrectangulo fuera de los límites del marco del búfer. A buffer overflow flaw, leading to memory corruption, was found in TigerVNC viewer. A remote malicious VNC server could use this flaw to crash the client vncviewer process resulting in denial of service. • http://rhn.redhat.com/errata/RHSA-2017-0630.html http://www.openwall.com/lists/oss-security/2017/01/22/1 http://www.openwall.com/lists/oss-security/2017/01/25/6 http://www.securityfocus.com/bid/95789 https://access.redhat.com/errata/RHSA-2017:2000 https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba https://github.com/TigerVNC/tigervnc/pull/399 https://github.com/TigerVNC/tigervnc/releases/tag/v1.7.1 https://security.gentoo.org/glsa/201702-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •