CVE-2019-15691
First published: Thu Dec 26 2019(Updated: )
TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been already freed during the process of stack unwinding. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.
Credit: vulnerability@kaspersky.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tigervnc Tigervnc | <1.10.1 | |
| openSUSE Leap | =15.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-15691?
CVE-2019-15691 is a vulnerability in TigerVNC version prior to 1.10.1 that allows for a stack use-after-return attack.
How does CVE-2019-15691 occur?
CVE-2019-15691 occurs due to incorrect usage of stack memory in ZRLEDecoder in TigerVNC.
What is the severity of CVE-2019-15691?
CVE-2019-15691 has a severity rating of 7.2 (high).
Which software versions are affected by CVE-2019-15691?
TigerVNC versions prior to 1.10.1 and openSUSE Leap 15.1 are affected by CVE-2019-15691.
How can CVE-2019-15691 be fixed?
To fix CVE-2019-15691, update TigerVNC to version 1.10.1 or later.
- collector/nvd-index
- vendor/tigervnc
- product/tigervnc
- canonical/tigervnc tigervnc
- vendor/opensuse
- product/leap
- canonical/opensuse leap