{"affected":[{"ecosystem_specific":{"binaries":[{"LibVNCServer":"0.9.1-160.14.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Point of Sale 11 SP3","name":"LibVNCServer","purl":"pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.9.1-160.14.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"LibVNCServer":"0.9.1-160.14.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4-LTSS","name":"LibVNCServer","purl":"pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.9.1-160.14.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for LibVNCServer fixes the following issues:\n\n- CVE-2019-15690: Fixed a heap buffer overflow (bsc#1160471).\n- CVE-2019-15681: Fixed a memory leak which could have allowed to a remote attacker to read stack memory (bsc#1155419).\n- CVE-2019-20788: Fixed a integer overflow and heap-based buffer overflow via a large height or width value (bsc#1170441).\n","id":"SUSE-SU-2020:14355-1","modified":"2020-05-04T09:32:51Z","published":"2020-05-04T09:32:51Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2020/suse-su-202014355-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1155419"},{"type":"REPORT","url":"https://bugzilla.suse.com/1160471"},{"type":"REPORT","url":"https://bugzilla.suse.com/1170441"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-15681"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-15690"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-20788"}],"related":["CVE-2019-15681","CVE-2019-15690","CVE-2019-20788"],"summary":"Security update for LibVNCServer","upstream":["CVE-2019-15681","CVE-2019-15690","CVE-2019-20788"]}