CVE-2019-15694

high

Description

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Vulnerability occurs due to the signdness error in processing MemOutStream. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

References

Advisories
More

https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html

https://www.openwall.com/lists/oss-security/2019/12/20/2

https://github.com/CendioOssman/tigervnc/commit/0943c006c7d900dfc0281639e992791d6c567438

Details

Source: Mitre, NVD

Published: 2019-12-26

Updated: 2020-10-16

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.0603