libvncserver.so is vulnerable to memory leak. The leak is due to improper initialization of string in the ConnectToRFBRepeater
function, allowing to read stack memory.
github.com/LibVNC/libvncserver/commit/8b06f835e259652b0ff026898014fc7297ade858
ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-033-libvnc-memory-leak/
lists.debian.org/debian-lts-announce/2018/12/msg00017.html
lists.debian.org/debian-lts-announce/2019/10/msg00042.html
security.gentoo.org/glsa/201908-05
usn.ubuntu.com/3877-1/
usn.ubuntu.com/4547-1/
usn.ubuntu.com/4587-1/
www.debian.org/security/2019/dsa-4383