{"id":"CVE-2019-15692","details":"TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.","modified":"2026-04-16T04:38:24.344991763Z","published":"2019-12-26T15:15:11.147Z","related":["SUSE-SU-2020:0112-1","SUSE-SU-2020:0113-1","SUSE-SU-2020:0159-1","SUSE-SU-2020:0266-1","SUSE-SU-2020:1749-1","openSUSE-SU-2020:0087-1","openSUSE-SU-2024:10591-1"],"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html"},{"type":"ADVISORY","url":"https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1"},{"type":"FIX","url":"https://github.com/CendioOssman/tigervnc/commit/996356b6c65ca165ee1ea46a571c32a1dc3c3821"},{"type":"EVIDENCE","url":"https://www.openwall.com/lists/oss-security/2019/12/20/2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cendioossman/tigervnc","events":[{"introduced":"0"},{"fixed":"996356b6c65ca165ee1ea46a571c32a1dc3c3821"}]},{"type":"GIT","repo":"https://github.com/tigervnc/tigervnc","events":[{"introduced":"0"},{"fixed":"4739493b635372bd40a34640a719f79fa90e4dba"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.10.1"}]}}],"versions":["v0.0.90","v1.1.90","v1.10.0","v1.9.90"],"database_specific":{"vanir_signatures":[{"id":"CVE-2019-15692-5e3ac25c","deprecated":false,"signature_type":"Function","digest":{"length":188,"function_hash":"137663250478881754422468393661624500259"},"signature_version":"v1","target":{"function":"FullFramePixelBuffer::setBuffer","file":"common/rfb/PixelBuffer.cxx"},"source":"https://github.com/cendioossman/tigervnc/commit/996356b6c65ca165ee1ea46a571c32a1dc3c3821"},{"id":"CVE-2019-15692-68bcb23a","deprecated":false,"signature_type":"Function","digest":{"length":97,"function_hash":"314322362212804435999773152376304328589"},"signature_version":"v1","target":{"function":"PixelBuffer::setSize","file":"common/rfb/PixelBuffer.cxx"},"source":"https://github.com/cendioossman/tigervnc/commit/996356b6c65ca165ee1ea46a571c32a1dc3c3821"},{"id":"CVE-2019-15692-7dd42b61","deprecated":false,"signature_type":"Line","digest":{"line_hashes":["168996672940369909676115174818288778088","13900705579432613094098652131674056094","108420105531892965375792441098246925094","285809962758851172979569908944258732998","78043888707781922736952559322924824672","81365129688946810061282529014797843602","174485395056516859412971562483711709132","83195346651603593710178310374587794493","70857029825018839529435537888291655195","24470555368808820631825685207351685863","132540213983604438509553248019119597545"],"threshold":0.9},"signature_version":"v1","target":{"file":"common/rfb/PixelBuffer.cxx"},"source":"https://github.com/cendioossman/tigervnc/commit/996356b6c65ca165ee1ea46a571c32a1dc3c3821"}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"15.1"}]}],"vanir_signatures_modified":"2026-04-11T14:11:02Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15692.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}