TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote attacker can choose offset from start of the buffer to start writing his values, exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Kaspersky
Published: 2019-12-26T15:24:00
Updated: 2024-08-05T00:56:22.455Z
Reserved: 2019-08-27T00:00:00
Link: CVE-2019-15695
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-12-26T16:15:10.793
Modified: 2024-11-21T04:29:16.647
Link: CVE-2019-15695
Redhat