CVE-2019-15693

7.2HIGH

Key Information:

Vendor: Kaspersky
Status: Tigervnc
Vendor: CVE Published:; 26 December 2019

Summary

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

Affected Version(s)

TigerVNC 1.10.0

References

https://github.com/CendioOssman/tigervnc/commit/b4ada8d0c...

x_refsource_MISC

https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1

x_refsource_MISC

https://www.openwall.com/lists/oss-security/2019/12/20/2

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 26, 2019
Vulnerability Reserved
Aug 27, 2019

.