Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-15692

Опубликовано: 26 дек. 2019
Источник: debian
EPSS Низкий

Описание

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
tigervncfixed1.10.1+dfsg-1package
tigervncfixed1.9.0+dfsg-3+deb10u1busterpackage
tigervncfixed1.7.0+dfsg-7+deb9u1stretchpackage

Примечания

  • https://www.openwall.com/lists/oss-security/2019/12/20/2

  • https://github.com/TigerVNC/tigervnc/commit/996356b6c65ca165ee1ea46a571c32a1dc3c3821 (master)

  • https://github.com/TigerVNC/tigervnc/commit/ff08ca78b24b5a4ed5263245c7ce8744059ff4ad (v1.10.1)

EPSS

Процентиль: 90%
0.05042
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2019-15692

CVSS3: 7.2
ubuntu
больше 6 лет назад

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

redhat логотип

CVE-2019-15692

CVSS3: 7.2
redhat
больше 6 лет назад

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

nvd логотип

CVE-2019-15692

CVSS3: 7.2
nvd
больше 6 лет назад

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

github логотип

GHSA-hc53-6v72-2h55

CVSS3: 7.2
github
почти 4 года назад

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

fstec логотип

BDU:2021-01413

CVSS3: 7.2
fstec
больше 6 лет назад

Уязвимость декодера CopyRectDecoder программного обеспечения VNC TigerVNC, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

EPSS

Процентиль: 90%
0.05042
Низкий
Уязвимость CVE-2019-15692