Vulnerability Description
HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Freerdp | Freerdp | <= 1.0.2 |
| Lodev | Lodepng | <= 2019-09-28 |
| Opensuse | Leap | 15.0 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00004.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00005.htmlThird Party Advisory
- https://github.com/FreeRDP/FreeRDP/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df2PatchVendor Advisory
- https://github.com/FreeRDP/FreeRDP/issues/5645Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00004.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00005.htmlThird Party Advisory
- https://github.com/FreeRDP/FreeRDP/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df2PatchVendor Advisory
- https://github.com/FreeRDP/FreeRDP/issues/5645Third Party Advisory
FAQ
What is CVE-2019-17178?
CVE-2019-17178 is a vulnerability with a CVSS score of 7.5 (HIGH). HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argume...
How severe is CVE-2019-17178?
CVE-2019-17178 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-17178?
Check the references section above for vendor advisories and patch information. Affected products include: Freerdp Freerdp, Lodev Lodepng, Opensuse Leap.