CVE-2019-15693

NameCVE-2019-15693
DescriptionTigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs947428

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
tigervnc (PTS)stretch (security), stretch (lts), stretch1.7.0+dfsg-7+deb9u2fixed
buster1.9.0+dfsg-3+deb10u3fixed
bullseye1.11.0+dfsg-2+deb11u1fixed
bookworm1.12.0+dfsg-8fixed
sid, trixie1.13.1+dfsg-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
tigervncsourcestretch1.7.0+dfsg-7+deb9u1
tigervncsourcebuster1.9.0+dfsg-3+deb10u1
tigervncsource(unstable)1.10.1+dfsg-1947428

Notes

https://www.openwall.com/lists/oss-security/2019/12/20/2
https://github.com/TigerVNC/tigervnc/commit/b4ada8d0c6dac98c8b91fc64d112569a8ae5fb95 (master)
https://github.com/TigerVNC/tigervnc/commit/46c081926efd83c90a45c0a96b1b5bc1927e1346 (v1.10.1)

Search for package or bug name: Reporting problems