CVE-2019-15692

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

Published: Dec 26, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-15692
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
tigervnc / tigervnc	-	1.10.1
opensuse / leap	15.1	15.1.x

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html
https://github.com/CendioOssman/tigervnc/commit/996356b6c65ca165ee1ea46a571c32a1dc3c3821
https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1
https://www.openwall.com/lists/oss-security/2019/12/20/2

Vulnerability Database

289,599

CVE-2019-15692