CVE-2019-15692: Buffer Overflow
First published: Thu Dec 26 2019(Updated: )
TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.
Credit: vulnerability@kaspersky.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tigervnc Tigervnc | <1.10.1 | |
| openSUSE Leap | =15.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-15692?
CVE-2019-15692 is a vulnerability in TigerVNC version prior to 1.10.1 that allows for a heap buffer overflow.
How severe is CVE-2019-15692?
The severity of CVE-2019-15692 is high with a CVSS score of 7.2.
How can CVE-2019-15692 be exploited?
CVE-2019-15692 can be exploited through network connections.
What is the affected software?
The affected software is Tigervnc versions prior to 1.10.1 and openSUSE Leap 15.1.
How can I fix CVE-2019-15692?
To fix CVE-2019-15692, update your Tigervnc installation to version 1.10.1 or newer.
- collector/nvd-index
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/remedy
- vendor/tigervnc
- canonical/tigervnc tigervnc
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.1