Errata overview
Errata ID 644
Date 2020-03-11
Source package libvncserver
Fixed in version 0.9.11+dfsg-1.3~deb9u3
This update addresses the following issue:
* LibVNC contains a memory leak (CWE-655) in VNC server code, which allow an
  attacker to read stack memory and can be abused for information disclosure.
  Combined with another vulnerability, it can be used to leak stack memory
  and bypass ASLR. This attack appear to be exploitable via network
  connectivity. These vulnerabilities have been fixed. (CVE-2019-15681)
Additional notes
CVE ID CVE-2019-15681
UCS Bug number #50920