{"id":"CVE-2019-15691","details":"TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been already freed during the process of stack unwinding. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.","modified":"2026-04-16T01:41:42.321667618Z","published":"2019-12-26T15:15:11.007Z","related":["SUSE-SU-2020:0112-1","SUSE-SU-2020:0113-1","SUSE-SU-2020:0159-1","SUSE-SU-2020:0266-1","SUSE-SU-2020:1749-1","openSUSE-SU-2020:0087-1","openSUSE-SU-2024:10591-1"],"database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"15.1"}]}]},"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html"},{"type":"ADVISORY","url":"https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1"},{"type":"FIX","url":"https://github.com/CendioOssman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40"},{"type":"EVIDENCE","url":"https://www.openwall.com/lists/oss-security/2019/12/20/2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cendioossman/tigervnc","events":[{"introduced":"0"},{"fixed":"d61a767d6842b530ffb532ddd5a3d233119aad40"}],"database_specific":{"source":"REFERENCES"}}],"versions":["v0.0.90","v1.1.90"],"database_specific":{"vanir_signatures_modified":"2026-04-11T21:07:53Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-15691.json","vanir_signatures":[{"id":"CVE-2019-15691-04dd1a4b","deprecated":false,"signature_version":"v1","source":"https://github.com/cendioossman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40","digest":{"threshold":0.9,"line_hashes":["204303623166779238483887552030847066445","315248744224772188718157330175478084032","274052888296944522189054299778241086834","99278454269626142342656808396278254415","129200273769452118045281423186061236376","66410138041244921936826308424901009069","56699461020621311677795185682646461652","270238479249130790739426085113804358243","237461424953475085663702760926656209341","271414252301968336743012908368542265553","115871888166058619572916358196589886318","11561430391738875970152941522538060317","147798988072691765226872268718086014811","297002842891710211359237619512190540540","99546148120681019318710313316289490313","114449188950837210071159485790582287716","30913536482867902886706913537831080242","285874900460478948913974081577960528961","44353293067210972511899046648512017673","51714242551483705438645751140366274041","294932457647896663447891802988340384655","137943956225303363417200258513100500088","227776287069914516942238150235790379210","160939558957799929836128092512780031670","183078919098510615097977262654637261319"]},"target":{"file":"common/rdr/ZlibInStream.cxx"},"signature_type":"Line"},{"id":"CVE-2019-15691-071b0589","signature_type":"Function","digest":{"function_hash":"188719958389051162875645351898477883714","length":172},"source":"https://github.com/cendioossman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40","signature_version":"v1","deprecated":false,"target":{"function":"ZlibInStream::removeUnderlying","file":"common/rdr/ZlibInStream.cxx"}},{"id":"CVE-2019-15691-0abf3e86","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["283573142348958584063749098857273900459","271213403981126715822984092084399355833","236401509042081284432115388108426120354","257539202092736540493806258702287850625"]},"source":"https://github.com/cendioossman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40","signature_version":"v1","target":{"file":"common/rfb/TightDecoder.cxx"},"deprecated":false},{"id":"CVE-2019-15691-28b861e7","signature_type":"Function","digest":{"function_hash":"221642956635236838413485158598572996426","length":1902},"source":"https://github.com/cendioossman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40","signature_version":"v1","deprecated":false,"target":{"function":"CMsgReader::readExtendedClipboard","file":"common/rfb/CMsgReader.cxx"}},{"id":"CVE-2019-15691-49a0334c","target":{"file":"common/rfb/SMsgReader.cxx","function":"SMsgReader::readExtendedClipboard"},"signature_version":"v1","source":"https://github.com/cendioossman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40","digest":{"function_hash":"249330792118483963723572580780826680597","length":1902},"signature_type":"Function","deprecated":false},{"id":"CVE-2019-15691-57827c72","target":{"function":"ZlibInStream::deinit","file":"common/rdr/ZlibInStream.cxx"},"signature_version":"v1","source":"https://github.com/cendioossman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40","digest":{"function_hash":"168775130026271768724133891068112790317","length":119},"signature_type":"Function","deprecated":false},{"id":"CVE-2019-15691-58d1f584","signature_type":"Function","digest":{"function_hash":"69286648830172394634447434403236223546","length":524},"source":"https://github.com/cendioossman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40","signature_version":"v1","target":{"file":"common/rdr/ZlibInStream.cxx","function":"ZlibInStream::overrun"},"deprecated":false},{"id":"CVE-2019-15691-6531b0b2","target":{"file":"common/rfb/CMsgReader.cxx"},"signature_version":"v1","source":"https://github.com/cendioossman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40","digest":{"threshold":0.9,"line_hashes":["274246656046471054274455508987465116975","155336084131480830587677351237767330267","161525145810570613546861903989687480002","294677960825859464252552326682482888015"]},"signature_type":"Line","deprecated":false},{"id":"CVE-2019-15691-664aa1f5","signature_type":"Function","digest":{"function_hash":"229198749783017286414327185251349709420","length":659},"source":"https://github.com/cendioossman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40","signature_version":"v1","target":{"function":"ZlibInStream::decompress","file":"common/rdr/ZlibInStream.cxx"},"deprecated":false},{"id":"CVE-2019-15691-7b850b0a","deprecated":false,"signature_version":"v1","source":"https://github.com/cendioossman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40","digest":{"function_hash":"57376710133337312006532123831704652747","length":4052},"target":{"function":"TightDecoder::decodeRect","file":"common/rfb/TightDecoder.cxx"},"signature_type":"Function"},{"id":"CVE-2019-15691-7bfea507","deprecated":false,"signature_version":"v1","source":"https://github.com/cendioossman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40","digest":{"threshold":0.9,"line_hashes":["274246656046471054274455508987465116975","155336084131480830587677351237767330267","161525145810570613546861903989687480002","294677960825859464252552326682482888015"]},"target":{"file":"common/rfb/SMsgReader.cxx"},"signature_type":"Line"},{"id":"CVE-2019-15691-c6bf4d44","target":{"file":"common/rfb/zrleDecode.h"},"signature_version":"v1","source":"https://github.com/cendioossman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40","digest":{"threshold":0.9,"line_hashes":["62342344483068679382349342097763039855","294858835013547152210477521267800941482","223495274356914877116328582149186443821","321286448535167699616158033605795325838"]},"signature_type":"Line","deprecated":false},{"id":"CVE-2019-15691-d14116e1","target":{"file":"common/rfb/zrleDecode.h","function":"ZRLE_DECODE"},"signature_version":"v1","source":"https://github.com/cendioossman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40","digest":{"function_hash":"190650468540750458524944345589794886556","length":2283},"signature_type":"Function","deprecated":false},{"id":"CVE-2019-15691-f0a94c0d","target":{"file":"common/rdr/ZlibInStream.h"},"digest":{"threshold":0.9,"line_hashes":["163136916435026852702155602096944800336","101838244181060746566372222076658875810","53331831765539383648739417573224190047","225047734943380240864613502853964558918"]},"source":"https://github.com/cendioossman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40","signature_version":"v1","signature_type":"Line","deprecated":false}]}},{"ranges":[{"type":"GIT","repo":"https://github.com/tigervnc/tigervnc","events":[{"introduced":"0"},{"fixed":"4739493b635372bd40a34640a719f79fa90e4dba"}],"database_specific":{"cpe":"cpe:2.3:a:tigervnc:tigervnc:*:*:*:*:*:*:*:*","source":["CPE_FIELD","REFERENCES"],"extracted_events":[{"introduced":"0"},{"fixed":"1.10.1"}]}}],"versions":["v0.0.90","v1.1.90","v1.10.0","v1.9.90"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-15691.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}