CVE-2019-15680: Null Pointer Dereference

Reference Links

• https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf
• https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html
• https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08
• https://usn.ubuntu.com/4407-1/
• https://www.openwall.com/lists/oss-security/2018/12/10/5
• https://launchpad.net/bugs/cve/CVE-2019-15680
• https://www.cisa.gov/news-events/ics-advisories/icsa-20-343-08 (Advisory)
• https://github.com/sunweaver/libvncserver/commit/85d00057b5daf71675462c9b175d8cb2d47cd0e1
• https://github.com/LibVNC/libvncserver/issues/359#issuecomment-599202068
• https://security-tracker.debian.org/tracker/CVE-2019-15680
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15680
• https://nvd.nist.gov/vuln/detail/CVE-2019-15680
• https://ubuntu.com/security/CVE-2019-15680

Parent vulnerabilities

(Appears in the following advisories)

• ICSA-20-343-08

Frequently Asked Questions

• What is CVE-2019-15680?

  CVE-2019-15680 is a vulnerability in TightVNC code version 1.3.10 that contains a null pointer dereference in the HandleZlibBPP function, leading to a Denial of Service (DoS) attack.

• How severe is CVE-2019-15680?

  CVE-2019-15680 has a severity rating of high with a score of 7.5.

• Which software is affected by CVE-2019-15680?

  The affected software includes TightVNC code version 1.3.10, libvncserver packages with specific versions, and Tightvnc packages with specific versions.

• How can CVE-2019-15680 be exploited?

  CVE-2019-15680 can be exploited through network connectivity.

• Where can I find more information about CVE-2019-15680?

  More information about CVE-2019-15680 can be found at the MITRE CVE database (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15680) and the Openwall mailing list (https://www.openwall.com/lists/oss-security/2018/12/10/5).