CVE-2019-20788
CVE-2019-20788 is a critical-severity vulnerability in Libvnc Project Libvncserver with a CVSS 3.x base score of 9.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-190.
Key facts
- Severity: Critical (CVSS 3.x base score 9.8)
- CVSS v2: 7.5
- EPSS exploit prediction: 2% (82nd percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-190
- Affected product: Libvnc Project Libvncserver
- Published:
- Last modified:
Description
libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690.
Frequently asked questions
- What is CVE-2019-20788?
- libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690.
- How severe is CVE-2019-20788?
- CVE-2019-20788 has a CVSS 3.x base score of 9.8, rated critical severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2019-20788 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (82nd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2019-20788?
- CVE-2019-20788 primarily affects Libvnc Project Libvncserver. In total, 14 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2019-20788?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its critical severity, prioritise patching exposed systems.
- When was CVE-2019-20788 published?
- CVE-2019-20788 was published on 2020-04-23 and last updated on 2026-06-17.
References
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00027.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf
- https://github.com/LibVNC/libvncserver/commit/54220248886b5001fbbb9fa73c4e1a2cb9413fed
- https://securitylab.github.com/advisories/GHSL-2020-064-libvnc-libvncclient
- https://usn.ubuntu.com/4407-1/
Affected products (14)
- cpe:2.3:a:libvnc_project:libvncserver:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_itc1500_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_itc1500_pro_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_itc1900_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_itc1900_pro_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_itc2200_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_itc2200_pro_firmware:*:*:*:*:*:*:*:*
More vulnerabilities in Libvnc Project Libvncserver
- CVE-2018-20750 — Critical (CVSS 9.8): LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for…
- CVE-2018-20749 — Critical (CVSS 9.8): LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for…
- CVE-2018-20748 — Critical (CVSS 9.8): LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for…
- CVE-2018-20020 — Critical (CVSS 9.8): LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside…
- CVE-2018-20019 — Critical (CVSS 9.8): LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities…
- CVE-2018-15127 — Critical (CVSS 9.8): LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server…
All CVEs affecting Libvnc Project Libvncserver →
Other CWE-190 (Integer Overflow or Wraparound) vulnerabilities
- CVE-2026-4689 — Critical (CVSS 10.0): Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was…
- CVE-2026-24814 — Critical (CVSS 10.0): Integer Overflow or Wraparound vulnerability in swoole swoole-src (thirdparty/hiredis modules). This vulnerability is…
- CVE-2025-64721 — Critical (CVSS 10.0): Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions…
- CVE-2015-5108 — Critical (CVSS 10.0): Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC…
- CVE-2015-5097 — Critical (CVSS 10.0): Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC…
- CVE-2013-2555 — Critical (CVSS 10.0): Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before…
Browse all CWE-190 (Integer Overflow or Wraparound) vulnerabilities →