CVE-2019-15695 Vulnerability Details

  /     /     /  

CVE-2019-15695 Metadata Quick Info

CVE Published: 26/12/2019 | CVE Updated: 05/08/2024 | CVE Year: 2019
Source: Kaspersky | Vendor: Kaspersky | Product: TigerVNC
Status : PUBLISHED

---

CVE-2019-15695 Description

TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote attacker can choose offset from start of the buffer to start writing his values, exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-121
CWE Name: CWE-121: Stack-based Buffer Overflow
Source: Kaspersky

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).