UBUNTU-CVE-2019-15694

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2019-15694
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-15694.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2019-15694
Upstream
Published
2019-12-26T15:15:00Z
Modified
2025-10-24T04:47:50Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Vulnerability occurs due to the signdness error in processing MemOutStream. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

References

Affected packages

Ubuntu:18.04:LTS / tigervnc

Package

Name
tigervnc
Purl
pkg:deb/ubuntu/tigervnc@1.7.0+dfsg-8ubuntu2?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.7.0+dfsg-7ubuntu1
1.7.0+dfsg-8ubuntu2

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "1.7.0+dfsg-8ubuntu2",
            "binary_name": "tigervnc-common"
        },
        {
            "binary_version": "1.7.0+dfsg-8ubuntu2",
            "binary_name": "tigervnc-scraping-server"
        },
        {
            "binary_version": "1.7.0+dfsg-8ubuntu2",
            "binary_name": "tigervnc-standalone-server"
        },
        {
            "binary_version": "1.7.0+dfsg-8ubuntu2",
            "binary_name": "tigervnc-viewer"
        },
        {
            "binary_version": "1.7.0+dfsg-8ubuntu2",
            "binary_name": "tigervnc-xorg-extension"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-15694.json"