Stack Buffer Overflow Vulnerability in TigerVNC Software by TigerVNC
CVE-2019-15695
7.2HIGH
What is CVE-2019-15695?
TigerVNC, an open-source implementation of VNC server and client, is prone to a stack buffer overflow vulnerability in versions prior to 1.10.1. The flaw arises from inadequate sanitization of the PixelFormat data in CMsgReader::readSetCursor function. This weakness allows an attacker to manipulate the buffer offset during network connectivity, leading to potential remote code execution. Proper updating to version 1.10.1 or later is crucial to mitigate this risk.
Affected Version(s)
TigerVNC 1.10.0