What is the severity of CVE-2019-17178?

CVE-2019-17178 is rated as a medium severity vulnerability due to the potential for memory leaks.

How do I fix CVE-2019-17178?

To fix CVE-2019-17178, users should upgrade to a patched version of FreeRDP or LodePNG that addresses the memory leak issue.

Which versions are affected by CVE-2019-17178?

CVE-2019-17178 affects FreeRDP versions up to 1.0.2 and 1.1.0-beta1, as well as LodePNG versions up to 2019-09-28.

What is the exploitability of CVE-2019-17178?

While CVE-2019-17178 may lead to increased memory consumption, it is less likely to be directly exploitable for arbitrary code execution.

Is CVE-2019-17178 related to specific operating systems?

Yes, CVE-2019-17178 is particularly relevant for users of openSUSE versions 15.0 and 15.1.

Vulnerability/
CVE-2019-17178

high

7.5

CWE

252 401

4/10/2019

5/8/2024

CVE-2019-17178

First published: Fri Oct 04 2019(Updated: )

HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
FreeRDP	<=1.0.2
FreeRDP	=1.1.0-beta1
lodev lodepng	<=2019-09-28
openSUSE	=15.0
openSUSE	=15.1

Remedy

https://github.com/FreeRDP/FreeRDP/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-17178?
CVE-2019-17178 is rated as a medium severity vulnerability due to the potential for memory leaks.
How do I fix CVE-2019-17178?
To fix CVE-2019-17178, users should upgrade to a patched version of FreeRDP or LodePNG that addresses the memory leak issue.
Which versions are affected by CVE-2019-17178?
CVE-2019-17178 affects FreeRDP versions up to 1.0.2 and 1.1.0-beta1, as well as LodePNG versions up to 2019-09-28.
What is the exploitability of CVE-2019-17178?
While CVE-2019-17178 may lead to increased memory consumption, it is less likely to be directly exploitable for arbitrary code execution.
Is CVE-2019-17178 related to specific operating systems?
Yes, CVE-2019-17178 is particularly relevant for users of openSUSE versions 15.0 and 15.1.

agent/references
agent/weakness
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/remedy
agent/last-modified-date
agent/author
agent/first-publish-date
agent/description
agent/event
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/freerdp
canonical/freerdp
version/freerdp/1.0.2
version/freerdp/1.1.0-beta1
vendor/lodev
canonical/lodev lodepng
version/lodev lodepng/2019-09-28
vendor/opensuse
canonical/opensuse
version/opensuse/15.0
version/opensuse/15.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.