TigerVNC versions prior to 1.10.1 are vulnerable to a stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If the decoding routine throws an exception, ZRLEDecoder may try to access a stack variable that has already been freed during stack unwinding. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity.
[
{
"digest": {
"line_hashes": [
"204303623166779238483887552030847066445",
"315248744224772188718157330175478084032",
"274052888296944522189054299778241086834",
"99278454269626142342656808396278254415",
"129200273769452118045281423186061236376",
"66410138041244921936826308424901009069",
"56699461020621311677795185682646461652",
"270238479249130790739426085113804358243",
"237461424953475085663702760926656209341",
"271414252301968336743012908368542265553",
"115871888166058619572916358196589886318",
"11561430391738875970152941522538060317",
"147798988072691765226872268718086014811",
"297002842891710211359237619512190540540",
"99546148120681019318710313316289490313",
"114449188950837210071159485790582287716",
"30913536482867902886706913537831080242",
"285874900460478948913974081577960528961",
"44353293067210972511899046648512017673",
"51714242551483705438645751140366274041",
"294932457647896663447891802988340384655",
"137943956225303363417200258513100500088",
"227776287069914516942238150235790379210",
"160939558957799929836128092512780031670",
"183078919098510615097977262654637261319"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/cendioossman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40",
"id": "CVE-2019-15691-04dd1a4b",
"target": {
"file": "common/rdr/ZlibInStream.cxx"
}
},
{
"digest": {
"function_hash": "188719958389051162875645351898477883714",
"length": 172.0
},
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/cendioossman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40",
"id": "CVE-2019-15691-071b0589",
"target": {
"function": "ZlibInStream::removeUnderlying",
"file": "common/rdr/ZlibInStream.cxx"
}
},
{
"digest": {
"line_hashes": [
"283573142348958584063749098857273900459",
"271213403981126715822984092084399355833",
"236401509042081284432115388108426120354",
"257539202092736540493806258702287850625"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/cendioossman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40",
"id": "CVE-2019-15691-0abf3e86",
"target": {
"file": "common/rfb/TightDecoder.cxx"
}
},
{
"digest": {
"function_hash": "221642956635236838413485158598572996426",
"length": 1902.0
},
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/cendioossman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40",
"id": "CVE-2019-15691-28b861e7",
"target": {
"function": "CMsgReader::readExtendedClipboard",
"file": "common/rfb/CMsgReader.cxx"
}
},
{
"digest": {
"function_hash": "249330792118483963723572580780826680597",
"length": 1902.0
},
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/cendioossman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40",
"id": "CVE-2019-15691-49a0334c",
"target": {
"function": "SMsgReader::readExtendedClipboard",
"file": "common/rfb/SMsgReader.cxx"
}
},
{
"digest": {
"function_hash": "168775130026271768724133891068112790317",
"length": 119.0
},
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/cendioossman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40",
"id": "CVE-2019-15691-57827c72",
"target": {
"function": "ZlibInStream::deinit",
"file": "common/rdr/ZlibInStream.cxx"
}
},
{
"digest": {
"function_hash": "69286648830172394634447434403236223546",
"length": 524.0
},
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/cendioossman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40",
"id": "CVE-2019-15691-58d1f584",
"target": {
"function": "ZlibInStream::overrun",
"file": "common/rdr/ZlibInStream.cxx"
}
},
{
"digest": {
"line_hashes": [
"274246656046471054274455508987465116975",
"155336084131480830587677351237767330267",
"161525145810570613546861903989687480002",
"294677960825859464252552326682482888015"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/cendioossman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40",
"id": "CVE-2019-15691-6531b0b2",
"target": {
"file": "common/rfb/CMsgReader.cxx"
}
},
{
"digest": {
"function_hash": "229198749783017286414327185251349709420",
"length": 659.0
},
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/cendioossman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40",
"id": "CVE-2019-15691-664aa1f5",
"target": {
"function": "ZlibInStream::decompress",
"file": "common/rdr/ZlibInStream.cxx"
}
},
{
"digest": {
"function_hash": "57376710133337312006532123831704652747",
"length": 4052.0
},
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/cendioossman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40",
"id": "CVE-2019-15691-7b850b0a",
"target": {
"function": "TightDecoder::decodeRect",
"file": "common/rfb/TightDecoder.cxx"
}
},
{
"digest": {
"line_hashes": [
"274246656046471054274455508987465116975",
"155336084131480830587677351237767330267",
"161525145810570613546861903989687480002",
"294677960825859464252552326682482888015"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/cendioossman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40",
"id": "CVE-2019-15691-7bfea507",
"target": {
"file": "common/rfb/SMsgReader.cxx"
}
},
{
"digest": {
"line_hashes": [
"62342344483068679382349342097763039855",
"294858835013547152210477521267800941482",
"223495274356914877116328582149186443821",
"321286448535167699616158033605795325838"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/cendioossman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40",
"id": "CVE-2019-15691-c6bf4d44",
"target": {
"file": "common/rfb/zrleDecode.h"
}
},
{
"digest": {
"function_hash": "190650468540750458524944345589794886556",
"length": 2283.0
},
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/cendioossman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40",
"id": "CVE-2019-15691-d14116e1",
"target": {
"function": "ZRLE_DECODE",
"file": "common/rfb/zrleDecode.h"
}
},
{
"digest": {
"line_hashes": [
"163136916435026852702155602096944800336",
"101838244181060746566372222076658875810",
"53331831765539383648739417573224190047",
"225047734943380240864613502853964558918"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/cendioossman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40",
"id": "CVE-2019-15691-f0a94c0d",
"target": {
"file": "common/rdr/ZlibInStream.h"
}
}
]
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-15691.json"