Cyber Resilience

CVE-2019-15690

High

Published: 24 January 2025

Published
24 January 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0433 89.2th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2019-15690 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Kaspersky (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 10.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2019-15690 is a heap buffer overflow vulnerability (CWE-122) affecting LibVNCServer versions 0.9.12 and earlier. The flaw resides in the HandleCursorShape() function within libvncclient/cursor.c, where processing cursor shapes with specially crafted dimensions triggers the overflow. This issue carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to its potential for remote code execution.

An unauthenticated attacker with network access can exploit this vulnerability by sending malformed cursor shape data to a vulnerable VNC client. Exploitation requires user interaction, such as rendering the cursor in a VNC session, after which the attacker can achieve remote code execution on the target system, resulting in high impacts to confidentiality, integrity, and availability.

The Kaspersky ICS-CERT advisory (KLCERT-20-009) at https://ics-cert.kaspersky.com/vulnerabilities/klcert-20-009-remote-code-execution-on-libvnc-version-prior-to-0-9-12/ provides further details on this remote code execution issue in LibVNC versions prior to 0.9.12.

EU & UK References

Vulnerability details

LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability within the HandleCursorShape() function in libvncclient/cursor.c. An attacker sends cursor shapes with specially crafted dimensions, which can result in remote code execution.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Heap buffer overflow in VNC client enables remote code execution via Exploitation for Client Execution (T1203) when processing attacker-controlled cursor data over a network connection.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-21339Shared CWE-122
CVE-2025-59295Shared CWE-122
CVE-2025-21407Shared CWE-122
CVE-2026-40363Shared CWE-122
CVE-2026-5272Shared CWE-122
CVE-2025-21171Shared CWE-122
CVE-2026-20777Shared CWE-122
CVE-2025-22880Shared CWE-122
CVE-2026-22854Shared CWE-122
CVE-2025-21303Shared CWE-122

Affected Assets

Kaspersky
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the heap buffer overflow vulnerability in LibVNCServer by identifying, testing, and applying patches to versions 0.9.12 and earlier.

prevent

Implements memory protections such as ASLR, DEP, and stack canaries to prevent remote code execution from heap buffer overflows triggered by crafted cursor shapes.

prevent

Validates incoming cursor shape dimensions and data in the VNC client to ensure they conform to expected formats, preventing the buffer overflow exploitation.

References