
CVE-2019-15691: Release TigerVNC 1.10.1 · TigerVNC/tigervnc

TigerVNC versions prior to 1.10.1 are vulnerable to a stack use-after-return caused by incorrect use of stack memory in ZRLEDecoder. If the decoding routine throws an exception, ZRLEDecoder may try to access a stack variable that has already been freed during stack unwinding. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity.
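
The bug class described above, as an added C++ illustration that is not TigerVNC's code: a long-lived stream borrows a stack buffer, and an exception skips the step that detaches it. `BorrowingStream`, `BorrowGuard` and the decode functions are hypothetical names, and the guarded variant shows a general RAII mitigation pattern, which is an assumption and not necessarily the fix shipped in 1.10.1.

```cpp
#include <cstddef>
#include <stdexcept>

// Hypothetical long-lived stream that borrows a caller-owned buffer.
struct BorrowingStream {
    const unsigned char* underlying = nullptr;
    std::size_t remaining = 0;
    bool attached = false;
    void setUnderlying(const unsigned char* p, std::size_t n) { underlying = p; remaining = n; attached = (p != nullptr); }
    bool borrows() const { return attached; }
};

// RAII guard: detaches the borrowed buffer on every exit path, including unwinding.
class BorrowGuard {
    BorrowingStream& s_;
public:
    BorrowGuard(BorrowingStream& s, const unsigned char* p, std::size_t n) : s_(s) { s_.setUnderlying(p, n); }
    ~BorrowGuard() { s_.setUnderlying(nullptr, 0); }
    BorrowGuard(const BorrowGuard&) = delete;
};

// Stand-in for a decode step that rejects malformed (constructed) input.
void parseTile(const BorrowingStream& s) {
    if (s.remaining < 4) throw std::runtime_error("truncated tile");
}

// Unguarded: if parseTile throws, 'local' is destroyed while s still refers to it.
void decodeUnguarded(BorrowingStream& s, std::size_t len) {
    unsigned char local[16] = {0};
    s.setUnderlying(local, len);
    parseTile(s);
    s.setUnderlying(nullptr, 0);   // skipped when an exception propagates
}

// Guarded: the guard's destructor runs during unwinding, before 'local' dies.
void decodeGuarded(BorrowingStream& s, std::size_t len) {
    unsigned char local[16] = {0};
    BorrowGuard guard(s, local, len);
    parseTile(s);
}

// True if the stream still claims a buffer from a dead frame after a failed decode.
bool danglesAfterFailure(void (*decode)(BorrowingStream&, std::size_t)) {
    BorrowingStream s;
    try { decode(s, 2); } catch (const std::runtime_error&) {}
    return s.borrows();   // inspects the flag only; the stale pointer is never read
}
```

Building the unguarded pattern with AddressSanitizer and `detect_stack_use_after_return=1` is one way to surface this class of bug in testing when the stale pointer is later dereferenced.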


This is a security release to fix a number of issues that were found by Kaspersky Lab. These issues affect both the client and server and could theoretically allow a malicious peer to take control over the software on the other side.

No working exploit is known at this time, and the issues require the peer to first be authenticated. We still urge users to upgrade when possible.

Binaries are available from SourceForge:

https://sourceforge.net/projects/tigervnc/files/stable/1.10.1/

Regards
The TigerVNC Developers
