CVE-2019-15680

HIGH

TightVNC 1.3.10 - Denial of Service via Null Pointer Dereference in HandleZlibBPP

Title source: llm
STIX 2.1

Description

TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity.

References (5)

Core 5
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://www.openwall.com/lists/oss-security/2018/12/10/5
Mailing List mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4407-1/
Third Party Advisory, US Government Resource x_refsource_misc
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08

Scores

CVSS v3 7.5
EPSS 0.0278
EPSS Percentile 84.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-476
Status published
Products (1)
tightvnc/tightvnc 1.3.10
Published Oct 29, 2019
Tracked Since Feb 18, 2026