Skip to main content

Tigervnc CVE-2017-7392

HIGH
Missing Release of Resource after Effective Lifetime (CWE-772)
2017-04-01 cve@mitre.org
7.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 01, 2017 - 02:59 cve.org
HIGH 7.5

DescriptionCVE.org

In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityVeNCrypt), an unauthenticated client can cause a small memory leak in the server.

AnalysisAI

In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityVeNCrypt), an unauthenticated client can cause a small memory leak in the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-772. In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityVeNCrypt), an unauthenticated client can cause a small memory leak in the server. Affected products include: Tigervnc.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2016-10207 HIGH POC
7.5 Feb 28

The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by te

CVE-2019-15695 HIGH POC
7.2 Dec 26

TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readS

CVE-2019-15694 HIGH POC
7.2 Dec 26

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::dec

CVE-2019-15693 HIGH POC
7.2 Dec 26

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in TightDecoder::FilterGradient. Ra

CVE-2019-15692 HIGH POC
7.2 Dec 26

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Rated high severity (CVSS 7.2), this vulnerabili

CVE-2019-15691 HIGH POC
7.2 Dec 26

TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack m

CVE-2017-5581 CRITICAL
9.8 Feb 28

Buffer overflow in the ModifiablePixelBuffer::fillRect function in TigerVNC before 1.7.1 allows remote servers to execut

CVE-2014-8241 CRITICAL
9.8 Dec 14

XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging fail

CVE-2017-7393 HIGH
8.8 Apr 01

In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leadi

CVE-2026-34352 HIGH
8.5 Mar 26

TigerVNC x0vncserver versions prior to 1.16.2 expose screen contents to unauthorized local users through incorrect file

CVE-2020-26117 HIGH
8.1 Sep 27

In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exception

CVE-2023-6377 HIGH
7.8 Dec 13

A flaw was found in xorg-server. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-o

Share

CVE-2017-7392 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy