CVE-2019-15692

high

Description

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

References

Advisories
More

https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1

https://github.com/CendioOssman/tigervnc/commit/996356b6c65ca165ee1ea46a571c32a1dc3c3821

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html

https://www.openwall.com/lists/oss-security/2019/12/20/2

Details

Source: Mitre, NVD

Published: 2019-12-26

Updated: 2022-12-22

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.07807