{"id":"CVE-2019-15693","details":"TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.","modified":"2026-04-16T04:33:03.583635181Z","published":"2019-12-26T15:15:11.257Z","related":["SUSE-SU-2020:0112-1","SUSE-SU-2020:0113-1","SUSE-SU-2020:0159-1","SUSE-SU-2020:0266-1","SUSE-SU-2020:1749-1","openSUSE-SU-2020:0087-1","openSUSE-SU-2024:10591-1"],"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html"},{"type":"ADVISORY","url":"https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1"},{"type":"FIX","url":"https://github.com/CendioOssman/tigervnc/commit/b4ada8d0c6dac98c8b91fc64d112569a8ae5fb95"},{"type":"EVIDENCE","url":"https://www.openwall.com/lists/oss-security/2019/12/20/2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cendioossman/tigervnc","events":[{"introduced":"0"},{"fixed":"b4ada8d0c6dac98c8b91fc64d112569a8ae5fb95"}]},{"type":"GIT","repo":"https://github.com/tigervnc/tigervnc","events":[{"introduced":"0"},{"fixed":"4739493b635372bd40a34640a719f79fa90e4dba"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.10.1"}]}}],"versions":["v0.0.90","v1.1.90","v1.10.0","v1.9.90"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15693.json","vanir_signatures":[{"source":"https://github.com/cendioossman/tigervnc/commit/b4ada8d0c6dac98c8b91fc64d112569a8ae5fb95","deprecated":false,"signature_version":"v1","signature_type":"Function","id":"CVE-2019-15693-0778f897","target":{"file":"common/rfb/tightDecode.h","function":"TightDecoder::FilterGradient24"},"digest":{"function_hash":"161533384762656642991908016226820675801","length":1114}},{"signature_type":"Function","deprecated":false,"signature_version":"v1","digest":{"function_hash":"15078154590552314086322110788077167964","length":1241},"id":"CVE-2019-15693-0f28dc62","target":{"file":"common/rfb/tightDecode.h","function":"TightDecoder::FilterGradient"},"source":"https://github.com/cendioossman/tigervnc/commit/b4ada8d0c6dac98c8b91fc64d112569a8ae5fb95"},{"source":"https://github.com/cendioossman/tigervnc/commit/b4ada8d0c6dac98c8b91fc64d112569a8ae5fb95","deprecated":false,"signature_version":"v1","signature_type":"Line","id":"CVE-2019-15693-88485049","target":{"file":"common/rfb/tightDecode.h"},"digest":{"threshold":0.9,"line_hashes":["293455449759008813589093370358687204021","325843735815826093212861249029613301064","136591138797822271697212927084004582351","62052450669799827691813475708858346363","337928664818970489339721796832910053544","93143391051428726767418149145675560953","317784546308526455607118808614036723427","128344201559584871911909258738499665899","177806965800441837721188648140893735849","112483111471243258414108181407805726649","339082532496385597166058674788704540274","45688700836358365768598936923207689267","142890125048347970355594432742912803847","54921379597364198587993663848271405886","8349089216622482553689210365120426753","119047859076443823313001192459542761695","128344201559584871911909258738499665899","329093963382497243144142375750350552265"]}}],"vanir_signatures_modified":"2026-04-11T14:11:01Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}