CVE-2019-15691 Vulnerability Details

  /     /     /  

CVE-2019-15691 Metadata Quick Info

CVE Published: 26/12/2019 | CVE Updated: 05/08/2024 | CVE Year: 2019
Source: Kaspersky | Vendor: Kaspersky | Product: TigerVNC
Status : PUBLISHED

---

CVE-2019-15691 Description

TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been already freed during the process of stack unwinding. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-825
CWE Name: CWE-825: Expired Pointer Dereference
Source: Kaspersky

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).