CVE-2019-15690
Published: 24 January 2025
Description
LibVNCServer release 0.9.12 and earlier contain a heap buffer overflow vulnerability in the HandleCursorShape() function in libvncclient/cursor.c. An attacker can send cursor shapes with specially crafted dimensions, which can result in remote code execution.
Security Summary
CVE-2019-15690 is a heap buffer overflow vulnerability (CWE-122) affecting LibVNCServer versions 0.9.12 and earlier. The flaw resides in the HandleCursorShape() function within libvncclient/cursor.c, where processing cursor shapes with specially crafted dimensions triggers the overflow. This issue carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to its potential for remote code execution.
An unauthenticated attacker with network access can exploit this vulnerability by sending malformed cursor shape data to a vulnerable VNC client. Exploitation requires user interaction, such as rendering the cursor in a VNC session, after which the attacker can achieve remote code execution on the target system, resulting in high impacts to confidentiality, integrity, and availability.
The Kaspersky ICS-CERT advisory (KLCERT-20-009) at https://ics-cert.kaspersky.com/vulnerabilities/klcert-20-009-remote-code-execution-on-libvnc-version-prior-to-0-9-12/ provides further details on this remote code execution issue in LibVNC versions prior to 0.9.12.
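As an added illustration (not LibVNCServer code and not the project's patch), the C sketch below shows the general defensive pattern for this bug class: bound attacker-supplied cursor dimensions and compute buffer sizes without wraparound before allocating. The function names and the MAX_CURSOR_DIM limit are assumptions made for the example, and naive_size32() only demonstrates how unchecked 32-bit size arithmetic on dimensions can wrap; the page does not state the exact arithmetic involved in HandleCursorShape().

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed policy limit for this example; not a value from LibVNCServer. */
#define MAX_CURSOR_DIM 1024u

/* Unchecked arithmetic, for contrast: the product is reduced modulo 2^32,
 * so large dimensions can yield a size far smaller than the data needs. */
uint32_t naive_size32(uint32_t width, uint32_t height, uint32_t bytes_per_pixel)
{
    return width * height * bytes_per_pixel;
}

/* Hypothetical helper: validates dimensions received from the peer and
 * returns the pixel-buffer and 1-bit mask sizes. Returns 0 on success,
 * -1 if the shape must be rejected. Empty shapes (zero width or height)
 * are also refused here; the caller handles them without allocating. */
int cursor_sizes(uint32_t width, uint32_t height, uint32_t bytes_per_pixel,
                 size_t *pixel_bytes, size_t *mask_bytes)
{
    if (width == 0 || height == 0)
        return -1;
    if (width > MAX_CURSOR_DIM || height > MAX_CURSOR_DIM)
        return -1;
    if (bytes_per_pixel != 1 && bytes_per_pixel != 2 && bytes_per_pixel != 4)
        return -1;

    /* After the bounds above, width * height <= 2^20 and cannot wrap. */
    size_t pixels = (size_t)width * height;
    *pixel_bytes = pixels * bytes_per_pixel;
    /* Mask rows are padded to whole bytes: ceil(width / 8) per row. */
    *mask_bytes = (size_t)((width + 7) / 8) * height;
    return 0;
}

/* Hypothetical allocator: memory is obtained only for validated shapes.
 * The caller frees the returned buffer. */
uint8_t *alloc_cursor(uint32_t width, uint32_t height, uint32_t bytes_per_pixel,
                      size_t *out_len)
{
    size_t px, mask;
    if (cursor_sizes(width, height, bytes_per_pixel, &px, &mask) != 0)
        return NULL;
    uint8_t *buf = calloc(1, px);
    if (buf != NULL)
        *out_len = px;
    return buf;
}
```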
Details
- CWE(s)