Vulnerability Description
TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tigervnc | Tigervnc | < 1.10.1 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.htmlBroken Link
- https://github.com/CendioOssman/tigervnc/commit/b4ada8d0c6dac98c8b91fc64d112569aPatchThird Party Advisory
- https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1Release NotesThird Party Advisory
- https://www.openwall.com/lists/oss-security/2019/12/20/2ExploitMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.htmlBroken Link
- https://github.com/CendioOssman/tigervnc/commit/b4ada8d0c6dac98c8b91fc64d112569aPatchThird Party Advisory
- https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1Release NotesThird Party Advisory
- https://www.openwall.com/lists/oss-security/2019/12/20/2ExploitMailing ListThird Party Advisory
FAQ
What is CVE-2019-15693?
CVE-2019-15693 is a vulnerability with a CVSS score of 7.2 (HIGH). TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result into remote code execu...
How severe is CVE-2019-15693?
CVE-2019-15693 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-15693?
Check the references section above for vendor advisories and patch information. Affected products include: Tigervnc Tigervnc.