1789527 – (CVE-2019-15692) CVE-2019-15692 tigervnc: Heap buffer overflow triggered from CopyRectDecoder due to incorrect value checks

Bug 1789527 (CVE-2019-15692) - CVE-2019-15692 tigervnc: Heap buffer overflow triggered from CopyRectDecoder due to incorrect value checks

Summary: CVE-2019-15692 tigervnc: Heap buffer overflow triggered from CopyRectDecoder ...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2019-15692
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1789528 1791747 1791748 1819886 1819887
Blocks:	1790319
TreeView+	depends on / blocked

Reported:	2020-01-09 18:33 UTC by Guilherme de Almeida Suckevicz
Modified:	2020-09-29 19:27 UTC (History)
CC List:	4 users (show)
Fixed In Version:	tigervnc 1.10.1
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-04-16 22:31:49 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2020:1497	0	None	None	None	2020-04-16 21:06:29 UTC
Red Hat Product Errata	RHSA-2020:3875	0	None	None	None	2020-09-29 19:27:43 UTC

Description Guilherme de Almeida Suckevicz 2020-01-09 18:33:47 UTC

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

Reference and upstream commit:
https://github.com/CendioOssman/tigervnc/commit/996356b6c65ca165ee1ea46a571c32a1dc3c3821

Comment 1 Guilherme de Almeida Suckevicz 2020-01-09 18:34:03 UTC

Created tigervnc tracking bugs for this issue:

Affects: fedora-all [bug 1789528]

Comment 2 Huzaifa S. Sidhpurwala 2020-01-16 12:25:36 UTC

https://github.com/TigerVNC/tigervnc/pull/921

As per upstream " All issues require a successfully authenticated connection though."

Comment 4 errata-xmlrpc 2020-04-16 21:06:28 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:1497 https://access.redhat.com/errata/RHSA-2020:1497

Comment 5 Product Security DevOps Team 2020-04-16 22:31:49 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-15692

Comment 6 errata-xmlrpc 2020-09-29 19:27:41 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:3875 https://access.redhat.com/errata/RHSA-2020:3875

Note You need to log in before you can comment on or make changes to this bug.