CVE-2019-15693

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

Published: Dec 26, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-15693
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
tigervnc / tigervnc	-	1.10.1

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html
https://github.com/CendioOssman/tigervnc/commit/b4ada8d0c6dac98c8b91fc64d112569a8ae5fb95
https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1
https://www.openwall.com/lists/oss-security/2019/12/20/2

Vulnerability Database

289,599

CVE-2019-15693