CVE-2019-20382

Priority
Description
QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c
during a VNC disconnect operation because libz is misused, resulting in a
situation where memory allocated in deflateInit2 is not freed in
deflateEnd.
Notes
Package
Source: qemu (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 19.10 (Eoan Ermine):needed
Ubuntu 20.04 (Focal Fossa):not-affected (1:4.2-3ubuntu1)
Patches:
Upstream:https://git.qemu.org/?p=qemu.git;a=commit;h=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
More Information

Updated: 2020-03-18 21:40:40 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)