CVE-2019-15690
Published: 24 January 2025
Summary
CVE-2019-15690 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Kaspersky (inferred from references). Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 10.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2019-15690 is a heap buffer overflow vulnerability (CWE-122) affecting LibVNCServer versions 0.9.12 and earlier. The flaw resides in the HandleCursorShape() function within libvncclient/cursor.c, where processing cursor shapes with specially crafted dimensions triggers the overflow. This issue carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to its potential for remote code execution.
An unauthenticated attacker with network access can exploit this vulnerability by sending malformed cursor shape data to a vulnerable VNC client. Exploitation requires user interaction, such as rendering the cursor in a VNC session, after which the attacker can achieve remote code execution on the target system, resulting in high impacts to confidentiality, integrity, and availability.
The Kaspersky ICS-CERT advisory (KLCERT-20-009) at https://ics-cert.kaspersky.com/vulnerabilities/klcert-20-009-remote-code-execution-on-libvnc-version-prior-to-0-9-12/ provides further details on this remote code execution issue in LibVNC versions prior to 0.9.12.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-6629
Vulnerability details
LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability within the HandleCursorShape() function in libvncclient/cursor.c. An attacker sends cursor shapes with specially crafted dimensions, which can result in remote code execution.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Heap buffer overflow in VNC client enables remote code execution via Exploitation for Client Execution (T1203) when processing attacker-controlled cursor data over a network connection.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the heap buffer overflow vulnerability in LibVNCServer by identifying, testing, and applying patches to versions 0.9.12 and earlier.
Implements memory protections such as ASLR, DEP, and stack canaries to prevent remote code execution from heap buffer overflows triggered by crafted cursor shapes.
Validates incoming cursor shape dimensions and data in the VNC client to ensure they conform to expected formats, preventing the buffer overflow exploitation.