{"id":"MGASA-2019-0368","summary":"Updated libvncserver packages fix security vulnerability","details":"Updated libvncserver packages fix security vulnerability:\n\nLibVNC contained a memory leak in VNC server code, which allowed an\nattacker to read stack memory and could be abused for information\ndisclosure. Combined with another vulnerability, it could be used to\nleak stack memory and bypass ASLR. This attack appeared to be\nexploitable via network connectivity (CVE-2019-15681).\n","modified":"2026-04-16T00:11:22.392426999Z","published":"2019-12-06T14:15:42Z","upstream":["CVE-2019-15681"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0368.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=25788"},{"type":"WEB","url":"https://www.debian.org/lts/security/2019/dla-2014"}],"affected":[{"package":{"name":"libvncserver","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/libvncserver?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.9.12-2.1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0368.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}