CVE-2019-15695: Buffer Overflow
First published: Thu Dec 26 2019(Updated: )
TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote attacker can choose offset from start of the buffer to start writing his values, exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.
Credit: vulnerability@kaspersky.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TigerVNC | <1.10.1 | |
| openSUSE | =15.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-15695?
CVE-2019-15695 is classified as a high severity vulnerability due to its potential impact on system integrity.
How do I fix CVE-2019-15695?
To fix CVE-2019-15695, upgrade TigerVNC to version 1.10.1 or later.
What types of software are affected by CVE-2019-15695?
CVE-2019-15695 affects versions of TigerVNC prior to 1.10.1 and openSUSE Leap 15.1.
Can CVE-2019-15695 be exploited remotely?
Yes, CVE-2019-15695 can be exploited remotely by attackers to trigger a stack buffer overflow.
What might happen if CVE-2019-15695 is exploited?
Exploitation of CVE-2019-15695 could allow an attacker to execute arbitrary code on the vulnerable system.
- agent/type
- agent/references
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/tigervnc
- canonical/tigervnc
- vendor/opensuse
- canonical/opensuse
- version/opensuse/15.1