High severity7.5NVD Advisory· Published Oct 29, 2019· Updated Jun 17, 2026
CVE-2019-15681
CVE-2019-15681
Description
LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
33- osv-coords31 versionspkg:rpm/opensuse/LibVNCServer&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/vino&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/vino&distro=openSUSE%20Tumbleweedpkg:rpm/suse/LibVNCServer&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/LibVNCServer&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP1pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP1pkg:rpm/suse/LibVNCServer&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/LibVNCServer&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/LibVNCServer&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/vino&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1pkg:rpm/suse/vino&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/vino&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/vino&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/vino&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
< 0.9.10-lp151.7.3.1+ 30 more
- (no CPE)range: < 0.9.10-lp151.7.3.1
- (no CPE)range: < 3.22.0-lp151.4.3.1
- (no CPE)range: < 3.22.0-7.9
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 0.9.10-4.14.1
- (no CPE)range: < 0.9.1-160.14.1
- (no CPE)range: < 0.9.1-160.14.1
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 0.9.10-4.14.1
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 0.9.9-17.19.1
- (no CPE)range: < 3.22.0-3.6.76
- (no CPE)range: < 3.20.2-7.3.21
- (no CPE)range: < 3.20.2-7.3.21
- (no CPE)range: < 3.20.2-7.3.21
- (no CPE)range: < 3.20.2-7.3.21
- Kaspersky/LibVNCv5Range: 0.9.12
Patches
Vulnerability mechanics
References
12- github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82anvdPatchThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2020-05/msg00027.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2020-07/msg00073.htmlnvdMailing ListThird Party Advisory
- cert-portal.siemens.com/productcert/pdf/ssa-390195.pdfnvdThird Party Advisory
- lists.debian.org/debian-lts-announce/2019/10/msg00039.htmlnvdMailing ListThird Party Advisory
- lists.debian.org/debian-lts-announce/2019/10/msg00042.htmlnvdMailing ListThird Party Advisory
- lists.debian.org/debian-lts-announce/2019/11/msg00032.htmlnvdMailing ListThird Party Advisory
- lists.debian.org/debian-lts-announce/2019/12/msg00028.htmlnvdMailing ListThird Party Advisory
- usn.ubuntu.com/4407-1/nvdThird Party Advisory
- usn.ubuntu.com/4547-1/nvdThird Party Advisory
- usn.ubuntu.com/4573-1/nvdThird Party Advisory
- usn.ubuntu.com/4587-1/nvdThird Party Advisory
News mentions
0No linked articles in our index yet.