Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-15694

Опубликовано: 26 дек. 2019
Источник: nvd
CVSS3: 7.2
CVSS2: 6.5
EPSS Низкий

Описание

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Vulnerability occurs due to the signdness error in processing MemOutStream. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:tigervnc:tigervnc:*:*:*:*:*:*:*:*
Версия до 1.10.1 (исключая)
Конфигурация 2
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

EPSS

Процентиль: 91%
0.06309
Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-122
CWE-787

Связанные уязвимости

ubuntu логотип

CVE-2019-15694

CVSS3: 7.2
ubuntu
около 6 лет назад

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Vulnerability occurs due to the signdness error in processing MemOutStream. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

redhat логотип

CVE-2019-15694

CVSS3: 7.2
redhat
около 6 лет назад

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Vulnerability occurs due to the signdness error in processing MemOutStream. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

debian логотип

CVE-2019-15694

CVSS3: 7.2
debian
около 6 лет назад

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow ...

github логотип

GHSA-mm3v-7wx3-vx47

github
больше 3 лет назад

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Vulnerability occurs due to the signdness error in processing MemOutStream. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

fstec логотип

BDU:2021-01412

CVSS3: 7.2
fstec
около 6 лет назад

Уязвимость функции DecodeManager::decodeRect программного обеспечения VNC TigerVNC, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

EPSS

Процентиль: 91%
0.06309
Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-122
CWE-787