Bugzilla – Bug 1153164
VUL-0: CVE-2019-17178: freerdp: memory leak in HuffmanTree_makeFromFrequencies in lodepng.c
Last modified: 2020-04-28 12:53:40 UTC
CVE-2019-17178 HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17178 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17178 https://github.com/akallabeth/FreeRDP/commit/fc80ab45621bd966f70594c0b7393ec005a94007 https://github.com/FreeRDP/FreeRDP/issues/5645
Fix checked in all the affected codestreams.
SUSE-SU-2019:3077-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 1153163,1153164 CVE References: CVE-2019-17177,CVE-2019-17178 Sources used: SUSE Linux Enterprise Workstation Extension 12-SP5 (src): freerdp-2.0.0~git.1463131968.4e66df7-12.11.1 SUSE Linux Enterprise Workstation Extension 12-SP4 (src): freerdp-2.0.0~git.1463131968.4e66df7-12.11.1 SUSE Linux Enterprise Software Development Kit 12-SP5 (src): freerdp-2.0.0~git.1463131968.4e66df7-12.11.1 SUSE Linux Enterprise Software Development Kit 12-SP4 (src): freerdp-2.0.0~git.1463131968.4e66df7-12.11.1 SUSE Linux Enterprise Desktop 12-SP4 (src): freerdp-2.0.0~git.1463131968.4e66df7-12.11.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:3078-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 1153163,1153164 CVE References: CVE-2019-17177,CVE-2019-17178 Sources used: SUSE Linux Enterprise Workstation Extension 15 (src): freerdp-2.0.0~rc4-3.10.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): freerdp-2.0.0~rc4-3.10.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:3079-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 1153163,1153164 CVE References: CVE-2019-17177,CVE-2019-17178 Sources used: SUSE Linux Enterprise Workstation Extension 15-SP1 (src): freerdp-2.0.0~rc4-10.4.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): freerdp-2.0.0~rc4-10.4.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2019:2604-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 1153163,1153164 CVE References: CVE-2019-17177,CVE-2019-17178 Sources used: openSUSE Leap 15.0 (src): freerdp-2.0.0~rc4-lp150.10.1
openSUSE-SU-2019:2608-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 1153163,1153164 CVE References: CVE-2019-17177,CVE-2019-17178 Sources used: openSUSE Leap 15.1 (src): freerdp-2.0.0~rc4-lp151.5.3.1
Done