UBUNTU-CVE-2019-15694

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2019-15694

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-15694.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2019-15694

Related

CVE-2019-15694

Published

2019-12-26T15:15:00Z

Modified

2025-01-13T10:21:59Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Vulnerability occurs due to the signdness error in processing MemOutStream. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

References

Affected packages

Ubuntu:Pro:18.04:LTS / tigervnc

Package

Name: tigervnc
Purl: pkg:deb/ubuntu/tigervnc@1.7.0+dfsg-8ubuntu2?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.7.0+dfsg-7ubuntu1

1.7.0+dfsg-8ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / tigervnc

Package

Name: tigervnc
Purl: pkg:deb/ubuntu/tigervnc@1.10.1+dfsg-1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.10.1+dfsg-1

Affected versions

1.*

1.9.0+dfsg-3

1.9.0+dfsg-4

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.10.1+dfsg-1",
            "binary_name": "tigervnc-common"
        },
        {
            "binary_version": "1.10.1+dfsg-1",
            "binary_name": "tigervnc-common-dbgsym"
        },
        {
            "binary_version": "1.10.1+dfsg-1",
            "binary_name": "tigervnc-scraping-server"
        },
        {
            "binary_version": "1.10.1+dfsg-1",
            "binary_name": "tigervnc-scraping-server-dbgsym"
        },
        {
            "binary_version": "1.10.1+dfsg-1",
            "binary_name": "tigervnc-standalone-server"
        },
        {
            "binary_version": "1.10.1+dfsg-1",
            "binary_name": "tigervnc-standalone-server-dbgsym"
        },
        {
            "binary_version": "1.10.1+dfsg-1",
            "binary_name": "tigervnc-viewer"
        },
        {
            "binary_version": "1.10.1+dfsg-1",
            "binary_name": "tigervnc-viewer-dbgsym"
        },
        {
            "binary_version": "1.10.1+dfsg-1",
            "binary_name": "tigervnc-xorg-extension"
        },
        {
            "binary_version": "1.10.1+dfsg-1",
            "binary_name": "tigervnc-xorg-extension-dbgsym"
        }
    ]
}