Bug 1789527 (CVE-2019-15692) - CVE-2019-15692 tigervnc: heap-based buffer overflow triggered from CopyRectDecoder due to incorrect value checks
Summary: CVE-2019-15692 tigervnc: heap-based buffer overflow triggered from CopyRectDe...
Keywords:
Status: NEW
Alias: CVE-2019-15692
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1791747 1791748 1789528
Blocks: 1790319
TreeView+ depends on / blocked
 
Reported: 2020-01-09 18:33 UTC by Guilherme de Almeida Suckevicz
Modified: 2020-01-16 12:33 UTC (History)
4 users (show)

Fixed In Version: tigervnc 1.10.1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Guilherme de Almeida Suckevicz 2020-01-09 18:33:47 UTC
TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

Reference and upstream commit:
https://github.com/CendioOssman/tigervnc/commit/996356b6c65ca165ee1ea46a571c32a1dc3c3821

Comment 1 Guilherme de Almeida Suckevicz 2020-01-09 18:34:03 UTC
Created tigervnc tracking bugs for this issue:

Affects: fedora-all [bug 1789528]

Comment 2 Huzaifa S. Sidhpurwala 2020-01-16 12:25:36 UTC
https://github.com/TigerVNC/tigervnc/pull/921

As per upstream " All issues require a successfully authenticated connection though."


Note You need to log in before you can comment on or make changes to this bug.