CVE-2019-15681
Description
LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A memory leak in LibVNC's ServerCutText message handling allows remote attackers to read stack memory, potentially bypassing ASLR.
Vulnerability
CVE-2019-15681 is a memory leak (CWE-655) in the VNC server code of LibVNCServer, specifically in the handling of ServerCutText messages. The vulnerability exists in versions prior to commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a. When a ServerCutText message is sent, the server fails to properly free allocated memory, leading to a leak that can expose stack memory contents. This issue affects LibVNCServer and downstream products such as iTALC and Vino [2][3][4].
Exploitation
An attacker with network connectivity to a vulnerable VNC server can trigger the memory leak by sending a crafted ServerCutText message. No authentication is required, as the vulnerability is reachable during the initial handshake or normal operation. The attacker can repeatedly trigger the leak to accumulate leaked stack data, which may include sensitive information such as memory addresses. Combined with another vulnerability, this information can be used to bypass ASLR [2][4].
Impact
Successful exploitation results in information disclosure of stack memory contents. The attacker gains the ability to read potentially sensitive data, such as memory addresses, which can be leveraged to defeat address space layout randomization (ASLR). This does not directly provide code execution but can be a stepping stone for further attacks [2][3][4].
Mitigation
The vulnerability is fixed in LibVNCServer commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a. Ubuntu has released updated packages for LibVNCServer (USN-4407-1), iTALC (USN-4547-1), and Vino (USN-4573-1) that include the fix [2][3][4]. Users should update to the latest versions of these packages. No workaround is available if the patch cannot be applied.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
33- osv-coords31 versionspkg:rpm/opensuse/LibVNCServer&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/vino&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/vino&distro=openSUSE%20Tumbleweedpkg:rpm/suse/LibVNCServer&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/LibVNCServer&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP1pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP1pkg:rpm/suse/LibVNCServer&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/LibVNCServer&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/LibVNCServer&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/vino&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1pkg:rpm/suse/vino&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/vino&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/vino&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/vino&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
< 0.9.10-lp151.7.3.1+ 30 more
- (no CPE)range: < 0.9.10-lp151.7.3.1
- (no CPE)range: < 3.22.0-lp151.4.3.1
- (no CPE)range: < 3.22.0-7.9
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 0.9.10-4.14.1
- (no CPE)range: < 0.9.1-160.14.1
- (no CPE)range: < 0.9.1-160.14.1
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 0.9.10-4.14.1
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 3.22.0-3.6.76
- (no CPE)range: < 3.20.2-7.3.21
- (no CPE)range: < 3.20.2-7.3.21
- (no CPE)range: < 3.20.2-7.3.21
- (no CPE)range: < 3.20.2-7.3.21
- Kaspersky/LibVNCv5Range: 0.9.12
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- lists.opensuse.org/opensuse-security-announce/2020-05/msg00027.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2020-07/msg00073.htmlmitrevendor-advisoryx_refsource_SUSE
- usn.ubuntu.com/4407-1/mitrevendor-advisoryx_refsource_UBUNTU
- usn.ubuntu.com/4547-1/mitrevendor-advisoryx_refsource_UBUNTU
- usn.ubuntu.com/4573-1/mitrevendor-advisoryx_refsource_UBUNTU
- usn.ubuntu.com/4587-1/mitrevendor-advisoryx_refsource_UBUNTU
- cert-portal.siemens.com/productcert/pdf/ssa-390195.pdfmitrex_refsource_CONFIRM
- github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82amitrex_refsource_MISC
- lists.debian.org/debian-lts-announce/2019/10/msg00039.htmlmitremailing-listx_refsource_MLIST
- lists.debian.org/debian-lts-announce/2019/10/msg00042.htmlmitremailing-listx_refsource_MLIST
- lists.debian.org/debian-lts-announce/2019/11/msg00032.htmlmitremailing-listx_refsource_MLIST
- lists.debian.org/debian-lts-announce/2019/12/msg00028.htmlmitremailing-listx_refsource_MLIST
News mentions
0No linked articles in our index yet.