CVE-2019-15690 – libvncserver: HandleCursorShape() integer overflow resulting in heap-based buffer overflow

https://notcve.org/view.php?id=CVE-2019-15690

23 Mar 2020 — A flaw was found in libvncserver. An integer overflow within the HandleCursorShape() function can be exploited to cause a heap-based buffer overflow by tricking a user or application using libvncserver to connect to an unstrusted server and subsequently send cursor shapes with specially crafted dimensions. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. libvncserver: HandleCursorShape() integer overflow resulting in heap-based buffer overfl... • https://access.redhat.com/security/cve/CVE-2019-15690 • CWE-122: Heap-based Buffer Overflow •