Candidate: CVE-2019-15678
PublicDate: 2019-10-29 19:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15678
 https://www.openwall.com/lists/oss-security/2018/12/10/5
Description:
 TightVNC code version 1.3.10 contains heap buffer overflow in
 rfbServerCutText handler, which can potentially result code execution..
 This attack appear to be exploitable via network connectivity.
Ubuntu-Description:
 Pavel Cheremushkin discovered that TightVNC contains a heap buffer overflow
 vulnerability. An attacker could use it to cause a Denial of Service or
 possible a remote code execution.
Notes:
 mdeslaur> this CVE is for tightvnc, the equivalent flaw was CVE-2018-20019
 mdeslaur> in libvncserver
Mitigation:
Bugs:
Priority: medium
Discovered-by: Pavel Cheremushkin
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_libvncserver:
upstream_libvncserver: needs-triage
precise/esm_libvncserver: DNE
trusty_libvncserver: ignored (out of standard support)
trusty/esm_libvncserver: DNE
xenial_libvncserver: not-affected
esm-infra/xenial_libvncserver: not-affected
bionic_libvncserver: not-affected
disco_libvncserver: not-affected
eoan_libvncserver: not-affected
focal_libvncserver: not-affected
groovy_libvncserver: not-affected
hirsute_libvncserver: not-affected
impish_libvncserver: not-affected
jammy_libvncserver: not-affected
devel_libvncserver: not-affected

Patches_x11vnc:
upstream_x11vnc: needs-triage
precise/esm_x11vnc: DNE
trusty_x11vnc: ignored (out of standard support)
trusty/esm_x11vnc: needs-triage
xenial_x11vnc: ignored (end of standard support, was needs-triage)
bionic_x11vnc: needs-triage
disco_x11vnc: ignored (reached end-of-life)
eoan_x11vnc: ignored (reached end-of-life)
focal_x11vnc: needs-triage
groovy_x11vnc: ignored (reached end-of-life)
hirsute_x11vnc: ignored (reached end-of-life)
impish_x11vnc: needs-triage
jammy_x11vnc: needs-triage
devel_x11vnc: needs-triage

Patches_vncsnapshot:
upstream_vncsnapshot: needs-triage
precise/esm_vncsnapshot: DNE
trusty_vncsnapshot: ignored (out of standard support)
trusty/esm_vncsnapshot: DNE
xenial_vncsnapshot: ignored (end of standard support, was needs-triage)
bionic_vncsnapshot: needs-triage
disco_vncsnapshot: ignored (reached end-of-life)
eoan_vncsnapshot: ignored (reached end-of-life)
focal_vncsnapshot: needs-triage
groovy_vncsnapshot: ignored (reached end-of-life)
hirsute_vncsnapshot: ignored (reached end-of-life)
impish_vncsnapshot: needs-triage
jammy_vncsnapshot: needs-triage
devel_vncsnapshot: needs-triage

Patches_vlc:
upstream_vlc: needs-triage
precise/esm_vlc: DNE
trusty_vlc: ignored (out of standard support)
trusty/esm_vlc: DNE
xenial_vlc: ignored (end of standard support, was needs-triage)
bionic_vlc: needs-triage
disco_vlc: ignored (reached end-of-life)
eoan_vlc: ignored (reached end-of-life)
focal_vlc: needs-triage
groovy_vlc: ignored (reached end-of-life)
hirsute_vlc: ignored (reached end-of-life)
impish_vlc: needs-triage
jammy_vlc: needs-triage
devel_vlc: needs-triage

Patches_vino:
upstream_vino: needs-triage
precise/esm_vino: DNE
trusty_vino: ignored (out of standard support)
trusty/esm_vino: DNE
xenial_vino: not-affected (code not present)
esm-infra/xenial_vino: not-affected (code not present)
bionic_vino: not-affected (code not present)
disco_vino: not-affected (code not present)
eoan_vino: not-affected (code not present)
focal_vino: not-affected (code not present)
groovy_vino: not-affected (code not present)
hirsute_vino: not-affected (code not present)
impish_vino: not-affected (code not present)
jammy_vino: not-affected (code not present)
devel_vino: not-affected (code not present)

Patches_directvnc:
upstream_directvnc: needs-triage
precise/esm_directvnc: DNE
trusty_directvnc: ignored (out of standard support)
trusty/esm_directvnc: DNE
xenial_directvnc: ignored (end of standard support, was needs-triage)
bionic_directvnc: needs-triage
disco_directvnc: ignored (reached end-of-life)
eoan_directvnc: ignored (reached end-of-life)
focal_directvnc: needs-triage
groovy_directvnc: ignored (reached end-of-life)
hirsute_directvnc: ignored (reached end-of-life)
impish_directvnc: needs-triage
jammy_directvnc: needs-triage
devel_directvnc: needs-triage

Patches_bochs:
upstream_bochs: needs-triage
precise/esm_bochs: DNE
trusty_bochs: ignored (out of standard support)
trusty/esm_bochs: DNE
xenial_bochs: ignored (end of standard support, was needs-triage)
bionic_bochs: needs-triage
disco_bochs: ignored (reached end-of-life)
eoan_bochs: ignored (reached end-of-life)
focal_bochs: needs-triage
groovy_bochs: ignored (reached end-of-life)
hirsute_bochs: ignored (reached end-of-life)
impish_bochs: needs-triage
jammy_bochs: needs-triage
devel_bochs: needs-triage

Patches_x2vnc:
upstream_x2vnc: needs-triage
precise/esm_x2vnc: DNE
trusty_x2vnc: ignored (out of standard support)
trusty/esm_x2vnc: DNE
xenial_x2vnc: ignored (end of standard support, was needs-triage)
bionic_x2vnc: needs-triage
disco_x2vnc: ignored (reached end-of-life)
eoan_x2vnc: ignored (reached end-of-life)
focal_x2vnc: needs-triage
groovy_x2vnc: ignored (reached end-of-life)
hirsute_x2vnc: ignored (reached end-of-life)
impish_x2vnc: needs-triage
jammy_x2vnc: needs-triage
devel_x2vnc: needs-triage

Patches_ssvnc:
upstream_ssvnc: needs-triage
precise/esm_ssvnc: DNE
trusty_ssvnc: ignored (out of standard support)
trusty/esm_ssvnc: DNE
xenial_ssvnc: ignored (end of standard support, was needs-triage)
bionic_ssvnc: needs-triage
disco_ssvnc: ignored (reached end-of-life)
eoan_ssvnc: ignored (reached end-of-life)
focal_ssvnc: needs-triage
groovy_ssvnc: ignored (reached end-of-life)
hirsute_ssvnc: ignored (reached end-of-life)
impish_ssvnc: needs-triage
jammy_ssvnc: needs-triage
devel_ssvnc: needs-triage

Patches_tightvnc:
upstream_tightvnc: needs-triage
precise/esm_tightvnc: DNE
trusty_tightvnc: ignored (out of standard support)
trusty/esm_tightvnc: DNE
xenial_tightvnc: ignored (end of standard support, was needs-triage)
bionic_tightvnc: needs-triage
disco_tightvnc: ignored (reached end-of-life)
eoan_tightvnc: ignored (reached end-of-life)
focal_tightvnc: needs-triage
groovy_tightvnc: ignored (reached end-of-life)
hirsute_tightvnc: ignored (reached end-of-life)
impish_tightvnc: needs-triage
jammy_tightvnc: needs-triage
devel_tightvnc: needs-triage

Patches_veyon:
upstream_veyon: needs-triage
precise/esm_veyon: DNE
trusty_veyon: ignored (out of standard support)
trusty/esm_veyon: DNE
xenial_veyon: DNE
bionic_veyon: DNE
disco_veyon: ignored (reached end-of-life)
eoan_veyon: ignored (reached end-of-life)
focal_veyon: needs-triage
groovy_veyon: ignored (reached end-of-life)
hirsute_veyon: ignored (reached end-of-life)
impish_veyon: needs-triage
jammy_veyon: needs-triage
devel_veyon: needs-triage