CVE-2019-15694: Buffer Overflow
First published: Thu Dec 26 2019(Updated: )
TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Vulnerability occurs due to the signdness error in processing MemOutStream. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.
Credit: vulnerability@kaspersky.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tigervnc | <1.10.1 | |
| SUSE Linux | =15.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-15694?
CVE-2019-15694 is a vulnerability in TigerVNC version prior to 1.10.1 that allows for a heap buffer overflow, potentially leading to remote code execution.
How severe is CVE-2019-15694?
CVE-2019-15694 has a severity rating of 7.2 (High).
How does CVE-2019-15694 occur?
CVE-2019-15694 is caused by a signness error in processing MemOutStream, specifically in the DecodeManager::decodeRect function.
Which software versions are affected by CVE-2019-15694?
TigerVNC versions prior to 1.10.1 and openSUSE Leap 15.1 are affected by CVE-2019-15694.
How can I fix CVE-2019-15694?
To fix CVE-2019-15694, update TigerVNC to version 1.10.1 or higher.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/remedy
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/tigervnc
- canonical/tigervnc
- vendor/opensuse
- canonical/suse linux
- version/suse linux/15.1