TigerVNC is vulnerable to remote code execution (RCE) due to a heap buffer overflow in `DecodeManager::decodeRect`.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | tigervnc | eq | 1.8.0__13.el7 |
| | tigervnc | eq | 1.8.0__17.el7 |
| | tigervnc | eq | 1.8.0__19.el7 |
lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index
access.redhat.com/errata/RHSA-2020:3875
access.redhat.com/security/updates/classification/#moderate
github.com/CendioOssman/tigervnc/commit/0943c006c7d900dfc0281639e992791d6c567438
github.com/TigerVNC/tigervnc/releases/tag/v1.10.1
www.openwall.com/lists/oss-security/2019/12/20/2