vulnerability
CentOS Linux: CVE-2019-15690: Important: libvncserver security update (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Mar 23, 2020 | Mar 24, 2020 | Feb 18, 2025 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Mar 23, 2020
Added
Mar 24, 2020
Modified
Feb 18, 2025
Description
A flaw was found in libvncserver. An integer overflow within the HandleCursorShape() function can be exploited to cause a heap-based buffer overflow by tricking a user or application using libvncserver to connect to an unstrusted server and subsequently send cursor shapes with specially crafted dimensions. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Solutions
centos-upgrade-libvncservercentos-upgrade-libvncserver-debuginfocentos-upgrade-libvncserver-debugsourcecentos-upgrade-libvncserver-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.