CVE-2019-15694

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-15694
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15694.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-15694
Downstream
Related
Published
2019-12-26T15:15:11.337Z
Modified
2026-03-10T22:19:16.294607Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Vulnerability occurs due to the signdness error in processing MemOutStream. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

References

Affected packages

Git / github.com/cendioossman/tigervnc

Affected ranges

Type
Repo
https://github.com/cendioossman/tigervnc
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0943c006c7d900dfc0281639e992791d6c567438
Type
GIT
Repo
https://github.com/tigervnc/tigervnc
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
4739493b635372bd40a34640a719f79fa90e4dba
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.10.1"
        }
    ]
}

Affected versions

v0.*
v0.0.90
v1.*
v1.1.90
v1.10.0
v1.9.90

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.1"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15694.json"