TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Vulnerability occurs due to the signdness error in processing MemOutStream. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
The product writes data past the end, or before the beginning, of the intended buffer.
| Link | Tags |
|---|---|
| https://github.com/CendioOssman/tigervnc/commit/0943c006c7d900dfc0281639e992791d6c567438 | patch third party advisory exploit |
| https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1 | third party advisory release notes |
| https://www.openwall.com/lists/oss-security/2019/12/20/2 | mailing list third party advisory exploit |
| http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html | vendor advisory mailing list third party advisory |