CVE-2019-15690
EUVD-2019-662924.01.2025, 18:15
LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability within the HandleCursorShape() function in libvncclient/cursor.c. An attacker sends cursor shapes with specially crafted dimensions, which can result in remote code execution.Enginsight
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| libvnc_project | libvncserver | 𝑥 ≤ 0.9.12 | CNA |
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libvncserver |
| ||||||||||||||||||||||||||
| x11vnc |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libvncclient0 |
| ||||||||||||||||||||||||||||||||||||
| libvncclient1 |
| ||||||||||||||||||||||||||||||||||||
| libvncserver0 |
| ||||||||||||||||||||||||||||||||||||
| libvncserver1 |
|
Red Hat Enterprise Linux Releases
Red Hat Product | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| libvncserver |
| ||||||||
| libvncserver-devel |
|