CVE-2019-15693

MEDIUM

Description

TigerVNC versions prior to 1.10.1 are vulnerable to a heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity.

References

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html

https://github.com/CendioOssman/tigervnc/commit/b4ada8d0c6dac98c8b91fc64d112569a8ae5fb95

https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1

https://www.openwall.com/lists/oss-security/2019/12/20/2

Details

Source: MITRE

Published: 2019-12-26

Updated: 2020-01-21

Type: CWE-787

Risk Information

CVSS v2.0

Base Score: 6.5

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8

Severity: MEDIUM

CVSS v3.0

Base Score: 7.2

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.2

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:tigervnc:tigervnc:*:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 147375 | NewStart CGSL CORE 5.04 / MAIN 5.04 : tigervnc Multiple Vulnerabilities (NS-SA-2021-0035) | Nessus | NewStart CGSL Local Security Checks | medium |
| 146755 | EulerOS 2.0 SP2 : tigervnc (EulerOS-SA-2021-1369) | Nessus | Huawei Local Security Checks | medium |
| 146169 | EulerOS 2.0 SP5 : tigervnc (EulerOS-SA-2021-1237) | Nessus | Huawei Local Security Checks | medium |
| 146003 | CentOS 8 : tigervnc (CESA-2020:1497) | Nessus | CentOS Local Security Checks | medium |
| 145143 | EulerOS 2.0 SP3 : tigervnc (EulerOS-SA-2021-1127) | Nessus | Huawei Local Security Checks | medium |
| 144989 | Amazon Linux AMI : tigervnc (ALAS-2021-1470) | Nessus | Amazon Linux Local Security Checks | medium |
| 144468 | Amazon Linux AMI : tigervnc (ALAS-2020-1470) (deprecated) | Nessus | Amazon Linux Local Security Checks | medium |
| 141997 | Amazon Linux 2 : tigervnc (ALAS-2020-1552) | Nessus | Amazon Linux Local Security Checks | medium |
| 141653 | Scientific Linux Security Update : tigervnc on SL7.x x86_64 (20201001) | Nessus | Scientific Linux Local Security Checks | medium |
| 141600 | CentOS 7 : tigervnc (CESA-2020:3875) | Nessus | CentOS Local Security Checks | medium |
| 141215 | Oracle Linux 7 : tigervnc (ELSA-2020-3875) | Nessus | Oracle Linux Local Security Checks | medium |
| 141028 | RHEL 7 : tigervnc (RHSA-2020:3875) | Nessus | Red Hat Local Security Checks | medium |
| 139988 | EulerOS 2.0 SP8 : tigervnc (EulerOS-SA-2020-1885) | Nessus | Huawei Local Security Checks | medium |
| 138772 | NewStart CGSL MAIN 6.01 : tigervnc Multiple Vulnerabilities (NS-SA-2020-0032) | Nessus | NewStart CGSL Local Security Checks | medium |
| 138296 | SUSE SLES12 Security Update : tigervnc (SUSE-SU-2020:1749-1) | Nessus | SuSE Local Security Checks | medium |
| 135876 | RHEL 8 : tigervnc (RHSA-2020:1497) | Nessus | Red Hat Local Security Checks | medium |
| 135748 | Oracle Linux 8 : tigervnc (ELSA-2020-1497) | Nessus | Oracle Linux Local Security Checks | medium |
| 133395 | SUSE SLES12 Security Update : tigervnc (SUSE-SU-2020:0266-1) | Nessus | SuSE Local Security Checks | medium |
| 133201 | SUSE SLES12 Security Update : tigervnc (SUSE-SU-2020:0159-1) | Nessus | SuSE Local Security Checks | medium |
| 133173 | openSUSE Security Update : tigervnc (openSUSE-2020-87) | Nessus | SuSE Local Security Checks | medium |
| 133035 | SUSE SLED15 / SLES15 Security Update : tigervnc (SUSE-SU-2020:0113-1) | Nessus | SuSE Local Security Checks | medium |
| 133034 | SUSE SLED15 / SLES15 Security Update : tigervnc (SUSE-SU-2020:0112-1) | Nessus | SuSE Local Security Checks | medium |