Candidate: CVE-2019-17178
PublicDate: 2019-10-04 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17178
 https://github.com/FreeRDP/FreeRDP/issues/5645
 https://github.com/akallabeth/FreeRDP/commit/fc80ab45621bd966f70594c0b7393ec005a94007
Description:
 HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28,
 as used in WinPR in FreeRDP and other products, has a memory leak because a
 supplied realloc pointer (i.e., the first argument to realloc) is also used
 for a realloc return value.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_freerdp2:
upstream_freerdp2: released (2.0.0~git20190204.1.2693389a+dfsg1-2)
precise/esm_freerdp2: DNE
trusty_freerdp2: ignored (out of standard support)
trusty/esm_freerdp2: DNE
xenial_freerdp2: DNE
bionic_freerdp2: not-affected (2.1.1+dfsg1-0ubuntu0.18.04.1)
focal_freerdp2: not-affected
groovy_freerdp2: not-affected
hirsute_freerdp2: not-affected
impish_freerdp2: not-affected
jammy_freerdp2: not-affected
devel_freerdp2: not-affected

Patches_freerdp:
upstream_freerdp: needs-triage
precise/esm_freerdp: DNE
trusty_freerdp: ignored (out of standard support)
trusty/esm_freerdp: DNE
xenial_freerdp: ignored (end of standard support, was needs-triage)
esm-infra/xenial_freerdp: needs-triage
bionic_freerdp: needs-triage
focal_freerdp: DNE
groovy_freerdp: DNE
hirsute_freerdp: DNE
impish_freerdp: DNE
jammy_freerdp: DNE
devel_freerdp: DNE