Wind River Support Network

HomeDefectsLIN1019-3874
Fixed

LIN1019-3874 : Security Advisory - tigervnc - CVE-2019-15694

Created: Dec 31, 2019    Updated: Feb 16, 2023
Resolved Date: Feb 16, 2023
Found In Version: 10.19.45.1
Severity: Standard
Applicable for: Wind River Linux LTS 19
Component/s: Userspace

Description

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Vulnerability occurs due to the signdness error in processing MemOutStream. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

CREATE(Triage):(User=admin) CVE-2019-15694 (https://nvd.nist.gov/vuln/detail/CVE-2019-15694)

CVEs


Live chat
Online