CVE-2019-15680

2019-10-2919:15:00

Debian Security Bug Tracker

security-tracker.debian.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

74.5%

JSON

TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity.

OSVersionArchitecturePackageVersionFilename
Debian12alllibvncserver<= 0.9.14+dfsg-1libvncserver_0.9.14+dfsg-1_all.deb
Debian11alllibvncserver<= 0.9.13+dfsg-2+deb11u1libvncserver_0.9.13+dfsg-2+deb11u1_all.deb
Debian10alllibvncserver<= 0.9.11+dfsg-1.3+deb10u4libvncserver_0.9.11+dfsg-1.3+deb10u4_all.deb
Debian999alllibvncserver<= 0.9.14+dfsg-1libvncserver_0.9.14+dfsg-1_all.deb
Debian13alllibvncserver<= 0.9.14+dfsg-1libvncserver_0.9.14+dfsg-1_all.deb
Debian12alltightvnc< 1:1.3.9-9.1tightvnc_1:1.3.9-9.1_all.deb
Debian11alltightvnc< 1:1.3.9-9.1tightvnc_1:1.3.9-9.1_all.deb
Debian10alltightvnc< 1:1.3.9-9deb10u1tightvnc_1:1.3.9-9deb10u1_all.deb
Debian999alltightvnc< 1:1.3.9-9.1tightvnc_1:1.3.9-9.1_all.deb
Debian13alltightvnc< 1:1.3.9-9.1tightvnc_1:1.3.9-9.1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	libvncserver	<= 0.9.14+dfsg-1	libvncserver_0.9.14+dfsg-1_all.deb
Debian	11	all	libvncserver	<= 0.9.13+dfsg-2+deb11u1	libvncserver_0.9.13+dfsg-2+deb11u1_all.deb
Debian	10	all	libvncserver	<= 0.9.11+dfsg-1.3+deb10u4	libvncserver_0.9.11+dfsg-1.3+deb10u4_all.deb
Debian	999	all	libvncserver	<= 0.9.14+dfsg-1	libvncserver_0.9.14+dfsg-1_all.deb
Debian	13	all	libvncserver	<= 0.9.14+dfsg-1	libvncserver_0.9.14+dfsg-1_all.deb
Debian	12	all	tightvnc	< 1:1.3.9-9.1	tightvnc_1:1.3.9-9.1_all.deb
Debian	11	all	tightvnc	< 1:1.3.9-9.1	tightvnc_1:1.3.9-9.1_all.deb
Debian	10	all	tightvnc	< 1:1.3.9-9deb10u1	tightvnc_1:1.3.9-9deb10u1_all.deb
Debian	999	all	tightvnc	< 1:1.3.9-9.1	tightvnc_1:1.3.9-9.1_all.deb
Debian	13	all	tightvnc	< 1:1.3.9-9.1	tightvnc_1:1.3.9-9.1_all.deb