CVE-2019-15694
tigervnc: Heap buffer overflow in DecodeManager::decodeRect
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Vulnerability occurs due to the signdness error in processing MemOutStream. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.
TigerVNC versiones anteriores a 1.10.1, es vulnerable al desbordamiento de búfer de la pila, que podría ser activada desde la función DecodeManager::decodeRect. La vulnerabilidad se presenta debido a un error de firma en el procesamiento de MemOutStream. La explotación de esta vulnerabilidad podría resultar potencialmente en una ejecución de código remota. Este ataque parece ser explotable a través de la conectividad de red.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-08-27 CVE Reserved
- 2019-12-26 CVE Published
- 2023-08-09 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-122: Heap-based Buffer Overflow
- CWE-787: Out-of-bounds Write
CAPEC
References (6)
URL | Tag | Source |
---|---|---|
https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1 | Release Notes |
URL | Date | SRC |
---|---|---|
https://github.com/CendioOssman/tigervnc/commit/0943c006c7d900dfc0281639e992791d6c567438 | 2024-08-05 | |
https://www.openwall.com/lists/oss-security/2019/12/20/2 | 2024-08-05 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html | 2020-10-16 | |
https://access.redhat.com/security/cve/CVE-2019-15694 | 2020-09-29 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1790315 | 2020-09-29 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Tigervnc Search vendor "Tigervnc" | Tigervnc Search vendor "Tigervnc" for product "Tigervnc" | < 1.10.1 Search vendor "Tigervnc" for product "Tigervnc" and version " < 1.10.1" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
|