libvncserver.so is vulnerable out-of-bounds write. The attack can be triggered by causing heap buffer overflows via improper memory allocation and handling.
cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf
github.com/LibVNC/libvncserver/commit/a83439b9fbe0f03c48eb94ed05729cb016f8b72f
ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-029-libvnc-multiple-heap-out-of-bound-vulnerabilities/
lists.debian.org/debian-lts-announce/2018/12/msg00017.html
lists.debian.org/debian-lts-announce/2019/10/msg00042.html
security.gentoo.org/glsa/201908-05
usn.ubuntu.com/3877-1/
usn.ubuntu.com/4547-1/
usn.ubuntu.com/4587-1/
www.debian.org/security/2019/dsa-4383