CVE-2019-17177

Published: 04 October 2019

libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
freerdp
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code not present)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Upstream: https://github.com/FreeRDP/FreeRDP/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a
freerdp2
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(2.0.0~git20190204.1.2693389a+dfsg1-2)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (2.1.1+dfsg1-0ubuntu0.18.04.1)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Upstream: https://github.com/FreeRDP/FreeRDP/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a

Notes

AuthorNote
mdeslaur
code is different in xenial and bionic, area mentioned in this
CVE description doesn't exist.

References

Bugs