UBUNTU-CVE-2019-15681
- Source
- https://ubuntu.com/security/CVE-2019-15681
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-15681.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2019-15681
- Upstream
- Related
- Published
- 2019-10-29T19:15:00Z
- Modified
- 2025-07-14T07:00:11.419766Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Ubuntu - low
- Summary
- [none]
- Details
-
LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.
- References
Affected packages
Ubuntu:Pro:14.04:LTS / tightvnc
Package
- Name
- tightvnc
- Purl
- pkg:deb/ubuntu/tightvnc@1.3.9-6.5+deb8u1build0.14.04.1~esm1?arch=source&distro=trusty/esm
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.3.9-6.5+deb8u1build0.14.04.1~esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "1.3.9-6.5+deb8u1build0.14.04.1~esm1",
"binary_name": "tightvncserver"
},
{
"binary_version": "1.3.9-6.5+deb8u1build0.14.04.1~esm1",
"binary_name": "tightvncserver-dbgsym"
},
{
"binary_version": "1.3.9-6.5+deb8u1build0.14.04.1~esm1",
"binary_name": "xtightvncviewer"
},
{
"binary_version": "1.3.9-6.5+deb8u1build0.14.04.1~esm1",
"binary_name": "xtightvncviewer-dbgsym"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}
Ubuntu:Pro:14.04:LTS / x11vnc
Package
- Name
- x11vnc
- Purl
- pkg:deb/ubuntu/x11vnc@0.9.13-1.1?arch=source&distro=esm-infra-legacy/trusty
Ubuntu:16.04:LTS / italc
Package
- Name
- italc
- Purl
- pkg:deb/ubuntu/italc@1:2.0.2+dfsg1-4ubuntu0.1?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:2.0.2+dfsg1-4ubuntu0.1
Ecosystem specific
{
"binaries": [
{
"binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
"binary_name": "italc-client"
},
{
"binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
"binary_name": "italc-client-dbg"
},
{
"binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
"binary_name": "italc-client-dbgsym"
},
{
"binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
"binary_name": "italc-management-console"
},
{
"binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
"binary_name": "italc-management-console-dbg"
},
{
"binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
"binary_name": "italc-management-console-dbgsym"
},
{
"binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
"binary_name": "italc-master"
},
{
"binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
"binary_name": "italc-master-dbg"
},
{
"binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
"binary_name": "italc-master-dbgsym"
},
{
"binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
"binary_name": "libitalccore"
},
{
"binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
"binary_name": "libitalccore-dbg"
},
{
"binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
"binary_name": "libitalccore-dbgsym"
}
],
"availability": "No subscription required"
}
Ubuntu:16.04:LTS / libvncserver
Package
- Name
- libvncserver
- Purl
- pkg:deb/ubuntu/libvncserver@0.9.10+dfsg-3ubuntu0.16.04.4?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.9.10+dfsg-3ubuntu0.16.04.4
Affected versions
0.*
0.9.10+dfsg-3
0.9.10+dfsg-3build1
0.9.10+dfsg-3ubuntu0.16.04.1
0.9.10+dfsg-3ubuntu0.16.04.2
0.9.10+dfsg-3ubuntu0.16.04.3
Ecosystem specific
{
"binaries": [
{
"binary_version": "0.9.10+dfsg-3ubuntu0.16.04.4",
"binary_name": "libvncclient1"
},
{
"binary_version": "0.9.10+dfsg-3ubuntu0.16.04.4",
"binary_name": "libvncclient1-dbg"
},
{
"binary_version": "0.9.10+dfsg-3ubuntu0.16.04.4",
"binary_name": "libvncclient1-dbgsym"
},
{
"binary_version": "0.9.10+dfsg-3ubuntu0.16.04.4",
"binary_name": "libvncserver-config"
},
{
"binary_version": "0.9.10+dfsg-3ubuntu0.16.04.4",
"binary_name": "libvncserver-config-dbgsym"
},
{
"binary_version": "0.9.10+dfsg-3ubuntu0.16.04.4",
"binary_name": "libvncserver-dev"
},
{
"binary_version": "0.9.10+dfsg-3ubuntu0.16.04.4",
"binary_name": "libvncserver-dev-dbgsym"
},
{
"binary_version": "0.9.10+dfsg-3ubuntu0.16.04.4",
"binary_name": "libvncserver1"
},
{
"binary_version": "0.9.10+dfsg-3ubuntu0.16.04.4",
"binary_name": "libvncserver1-dbg"
},
{
"binary_version": "0.9.10+dfsg-3ubuntu0.16.04.4",
"binary_name": "libvncserver1-dbgsym"
}
],
"availability": "No subscription required"
}
Ubuntu:16.04:LTS / vino
Package
- Name
- vino
- Purl
- pkg:deb/ubuntu/vino@3.8.1-0ubuntu9.3?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.8.1-0ubuntu9.3
Ubuntu:Pro:16.04:LTS / krfb
Package
- Name
- krfb
- Purl
- pkg:deb/ubuntu/krfb@4:15.12.3-0ubuntu1?arch=source&distro=esm-apps/xenial
Ubuntu:Pro:16.04:LTS / tightvnc
Package
- Name
- tightvnc
- Purl
- pkg:deb/ubuntu/tightvnc@1.3.10-0ubuntu3?arch=source&distro=esm-apps/xenial
Ubuntu:Pro:16.04:LTS / x11vnc
Package
- Name
- x11vnc
- Purl
- pkg:deb/ubuntu/x11vnc@0.9.13-1.2ubuntu0.1~esm1?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.9.13-1.2ubuntu0.1~esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "0.9.13-1.2ubuntu0.1~esm1",
"binary_name": "x11vnc"
},
{
"binary_version": "0.9.13-1.2ubuntu0.1~esm1",
"binary_name": "x11vnc-data"
},
{
"binary_version": "0.9.13-1.2ubuntu0.1~esm1",
"binary_name": "x11vnc-dbgsym"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}
Ubuntu:18.04:LTS / italc
Package
- Name
- italc
- Purl
- pkg:deb/ubuntu/italc@1:3.0.3+dfsg1-3ubuntu0.1?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:3.0.3+dfsg1-3ubuntu0.1
Affected versions
1:3.*
1:3.0.3+dfsg1-1
1:3.0.3+dfsg1-2
1:3.0.3+dfsg1-2build1
1:3.0.3+dfsg1-2ubuntu1
1:3.0.3+dfsg1-3
Ecosystem specific
{
"binaries": [
{
"binary_version": "1:3.0.3+dfsg1-3ubuntu0.1",
"binary_name": "italc-client"
},
{
"binary_version": "1:3.0.3+dfsg1-3ubuntu0.1",
"binary_name": "italc-client-dbgsym"
},
{
"binary_version": "1:3.0.3+dfsg1-3ubuntu0.1",
"binary_name": "italc-management-console"
},
{
"binary_version": "1:3.0.3+dfsg1-3ubuntu0.1",
"binary_name": "italc-management-console-dbgsym"
},
{
"binary_version": "1:3.0.3+dfsg1-3ubuntu0.1",
"binary_name": "italc-master"
},
{
"binary_version": "1:3.0.3+dfsg1-3ubuntu0.1",
"binary_name": "italc-master-dbgsym"
},
{
"binary_version": "1:3.0.3+dfsg1-3ubuntu0.1",
"binary_name": "libitalccore"
},
{
"binary_version": "1:3.0.3+dfsg1-3ubuntu0.1",
"binary_name": "libitalccore-dbgsym"
}
],
"availability": "No subscription required"
}
Ubuntu:18.04:LTS / libvncserver
Package
- Name
- libvncserver
- Purl
- pkg:deb/ubuntu/libvncserver@0.9.11+dfsg-1ubuntu1.2?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.9.11+dfsg-1ubuntu1.2
Ecosystem specific
{
"binaries": [
{
"binary_version": "0.9.11+dfsg-1ubuntu1.2",
"binary_name": "libvncclient1"
},
{
"binary_version": "0.9.11+dfsg-1ubuntu1.2",
"binary_name": "libvncclient1-dbg"
},
{
"binary_version": "0.9.11+dfsg-1ubuntu1.2",
"binary_name": "libvncserver-config"
},
{
"binary_version": "0.9.11+dfsg-1ubuntu1.2",
"binary_name": "libvncserver-dev"
},
{
"binary_version": "0.9.11+dfsg-1ubuntu1.2",
"binary_name": "libvncserver1"
},
{
"binary_version": "0.9.11+dfsg-1ubuntu1.2",
"binary_name": "libvncserver1-dbg"
}
],
"availability": "No subscription required"
}
Ubuntu:18.04:LTS / vino
Package
- Name
- vino
- Purl
- pkg:deb/ubuntu/vino@3.22.0-3ubuntu1.1?arch=source&distro=bionic
Ubuntu:Pro:18.04:LTS / krfb
Package
- Name
- krfb
- Purl
- pkg:deb/ubuntu/krfb@4:17.12.3-0ubuntu1?arch=source&distro=esm-apps/bionic
Ubuntu:Pro:18.04:LTS / tightvnc
Package
- Name
- tightvnc
- Purl
- pkg:deb/ubuntu/tightvnc@1.3.10-0ubuntu4?arch=source&distro=esm-apps/bionic
Ubuntu:Pro:18.04:LTS / x11vnc
Package
- Name
- x11vnc
- Purl
- pkg:deb/ubuntu/x11vnc@0.9.13-3ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.9.13-3ubuntu0.1~esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "0.9.13-3ubuntu0.1~esm1",
"binary_name": "x11vnc"
},
{
"binary_version": "0.9.13-3ubuntu0.1~esm1",
"binary_name": "x11vnc-data"
},
{
"binary_version": "0.9.13-3ubuntu0.1~esm1",
"binary_name": "x11vnc-dbgsym"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}
Ubuntu:20.04:LTS / libvncserver
Package
- Name
- libvncserver
- Purl
- pkg:deb/ubuntu/libvncserver@0.9.12+dfsg-8?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.9.12+dfsg-8
Ecosystem specific
{
"binaries": [
{
"binary_version": "0.9.12+dfsg-8",
"binary_name": "libvncclient1"
},
{
"binary_version": "0.9.12+dfsg-8",
"binary_name": "libvncclient1-dbgsym"
},
{
"binary_version": "0.9.12+dfsg-8",
"binary_name": "libvncserver-dev"
},
{
"binary_version": "0.9.12+dfsg-8",
"binary_name": "libvncserver1"
},
{
"binary_version": "0.9.12+dfsg-8",
"binary_name": "libvncserver1-dbgsym"
}
],
"availability": "No subscription required"
}
Ubuntu:20.04:LTS / vino
Package
- Name
- vino
- Purl
- pkg:deb/ubuntu/vino@3.22.0-5ubuntu2.1?arch=source&distro=focal
Ubuntu:Pro:20.04:LTS / krfb
Package
- Name
- krfb
- Purl
- pkg:deb/ubuntu/krfb@4:19.12.3-1?arch=source&distro=esm-apps/focal
Ubuntu:Pro:20.04:LTS / tightvnc
Package
- Name
- tightvnc
- Purl
- pkg:deb/ubuntu/tightvnc@1.3.10-0ubuntu5?arch=source&distro=esm-apps/focal
Ubuntu:Pro:20.04:LTS / veyon
Package
- Name
- veyon
- Purl
- pkg:deb/ubuntu/veyon@4.3.1+repack1-2build2?arch=source&distro=esm-apps/focal
Ubuntu:22.04:LTS / krfb
Package
- Name
- krfb
- Purl
- pkg:deb/ubuntu/krfb@4:21.12.3-0ubuntu1?arch=source&distro=jammy
Ubuntu:22.04:LTS / tightvnc
Package
- Name
- tightvnc
- Purl
- pkg:deb/ubuntu/tightvnc@1:1.3.10-5?arch=source&distro=jammy
Ubuntu:22.04:LTS / veyon
Package
- Name
- veyon
- Purl
- pkg:deb/ubuntu/veyon@4.5.3+repack1-1build2?arch=source&distro=jammy
Ubuntu:24.04:LTS / krfb
Package
- Name
- krfb
- Purl
- pkg:deb/ubuntu/krfb@4:23.08.5-0ubuntu3?arch=source&distro=noble
Ubuntu:24.04:LTS / tightvnc
Package
- Name
- tightvnc
- Purl
- pkg:deb/ubuntu/tightvnc@1:1.3.10-8?arch=source&distro=noble
Ubuntu:24.04:LTS / veyon
Package
- Name
- veyon
- Purl
- pkg:deb/ubuntu/veyon@4.7.5+repack1-1ubuntu5?arch=source&distro=noble
Ubuntu:25.04 / krfb
Package
- Name
- krfb
- Purl
- pkg:deb/ubuntu/krfb@4:24.12.3-0ubuntu2?arch=source&distro=plucky
Ubuntu:25.04 / tightvnc
Package
- Name
- tightvnc
- Purl
- pkg:deb/ubuntu/tightvnc@1:1.3.10-9?arch=source&distro=plucky