CVE-2026-34352
TigerVNC · x0vncserver
A local information disclosure vulnerability exists in TigerVNC's x0vncserver due to insecure file permissions on shared memory segments.
Executive summary
TigerVNC's x0vncserver component is affected by a high-severity local vulnerability caused by overly permissive permissions on its shared memory segments.
Vulnerability
This vulnerability (CWE-732) arises from the use of 0777 permissions on shared memory segments. This allows any local user to access, observe, or manipulate the contents of the remote desktop session.
Business impact
With a CVSS score of 8.5, this flaw allows for unauthorized information disclosure and potential control of the VNC session by local attackers. This could lead to the theft of sensitive data displayed on the screen or unauthorized interaction with the user's desktop environment.
Remediation
Immediate Action: Update TigerVNC to version 1.16.2 or later to ensure correct file permissions are enforced.
Proactive Monitoring: Monitor local system logs for unauthorized access to shared memory files or unusual local user activity on systems running x0vncserver.
Compensating Controls: If patching is delayed, restrict the ability of unauthorized users to log into the host system, or disable x0vncserver if it is not required for business operations.
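A host audit for the condition described above, as an added example that is not part of the original advisory or of TigerVNC's code: it parses the kernel's System V shared memory table and reports segments whose mode grants any access to other users. It assumes a Linux host and that the affected segments are System V segments listed in /proc/sysvipc/shm; the sample table and the function names are constructed for illustration.

```python
"""Audit System V shared memory segments for world-accessible modes (Linux)."""
import sys

# Constructed sample in /proc/sysvipc/shm layout (trailing columns omitted).
SAMPLE = """\
       key      shmid perms       size  cpid  lpid nattch   uid   gid  cuid  cgid
         0      32768  1777    8294400  4211  1530      2  1000  1000  1000  1000
         0      32769   600     524288  2290  1530      2  1000  1000  1000  1000
1392774161      32770   660       4096   901   901      1    26    26    26    26
"""

WORLD_BITS = 0o007  # read/write/execute for "other"


def parse_shm(text):
    """Yield one dict per segment, keyed by the header's column names."""
    lines = text.strip().splitlines()
    header = lines[0].split() if lines else []
    for line in lines[1:]:
        fields = line.split()
        if len(fields) >= len(header):
            yield dict(zip(header, fields))


def world_accessible(text):
    """Return segments whose mode grants any access to other local users."""
    findings = []
    for seg in parse_shm(text):
        # perms is printed in octal and may carry SHM_DEST/SHM_LOCKED flag
        # bits above the mode, so mask down to the nine permission bits.
        mode = int(seg["perms"], 8) & 0o777
        if mode & WORLD_BITS:
            findings.append({"shmid": int(seg["shmid"]), "mode": mode,
                             "cpid": int(seg["cpid"]), "uid": int(seg["uid"])})
    return findings


if __name__ == "__main__":
    # Audit the live table by default; pass a saved copy as the first argument.
    path = sys.argv[1] if len(sys.argv) > 1 else "/proc/sysvipc/shm"
    with open(path) as fh:
        hits = world_accessible(fh.read())
    for h in hits:
        print(f"shmid={h['shmid']} mode={h['mode']:04o} "
              f"owner_uid={h['uid']} creator_pid={h['cpid']}")
    sys.exit(1 if hits else 0)
```

Exit status 1 means at least one segment is world-accessible; look up creator_pid with `ps -p` to see whether x0vncserver created it.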
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability highlights the risk of insecure local configuration. Users of TigerVNC should prioritize the update to version 1.16.2 to mitigate the risk of local information disclosure and session manipulation.