CVE-2019-17178
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-17178
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-17178.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-17178
- Downstream
- Related
- Published
- 2019-10-04T17:15:10Z
- Modified
- 2025-10-21T04:53:23.185938Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.
- References
Affected packages
Git / github.com/freerdp/freerdp
Affected ranges
- Type
- GIT
- Repo
- https://github.com/freerdp/freerdp
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.0-beta1
1.0-beta2
1.0-beta3
1.0-beta4
1.0-beta5
1.0.0
1.0.1
1.1.0-beta+2013071101
1.1.0-beta1
1.1.0-beta1+android2
1.1.0-beta1+android3
1.1.0-beta1+android4
1.1.0-beta1+android5
1.1.0-beta1+ios1
1.1.0-beta1+ios2
1.1.0-beta1+ios3
1.1.0-beta1+ios4
1.2.0-beta1+android7
1.2.0-beta1+android9
2.*
2.0.0-beta1+android10
2.0.0-beta1+android11
2.0.0-rc0
2.0.0-rc1
2.0.0-rc2
2.0.0-rc3
2.0.0-rc4
Database specific
vanir_signatures
[
{
"source": "https://github.com/freerdp/freerdp/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "winpr/libwinpr/utils/lodepng/lodepng.c"
},
"id": "CVE-2019-17178-4f8c096a",
"digest": {
"threshold": 0.9,
"line_hashes": [
"269215551196728372072229002611498048274",
"60882436054191971992951776647637498497",
"246423792840165743178928287324492503526",
"186775369845774264331823368553861729311",
"121033979759465712227962233428386596536",
"333459367581250853282024688279097815294",
"52652199316993592414430078609399706190",
"281242411092693082450489738599220562788",
"293078200095957182578457349885119669019"
]
},
"signature_type": "Line"
},
{
"source": "https://github.com/freerdp/freerdp/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "tr_esc_str",
"file": "client/X11/generate_argument_docbook.c"
},
"id": "CVE-2019-17178-7ec9b5d0",
"digest": {
"length": 2318.0,
"function_hash": "111556578513038953191829364359908659521"
},
"signature_type": "Function"
},
{
"source": "https://github.com/freerdp/freerdp/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "region16_intersect_rect",
"file": "libfreerdp/codec/region.c"
},
"id": "CVE-2019-17178-80fe4fbc",
"digest": {
"length": 1417.0,
"function_hash": "238058498232279513812602263336545750696"
},
"signature_type": "Function"
},
{
"source": "https://github.com/freerdp/freerdp/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "region16_simplify_bands",
"file": "libfreerdp/codec/region.c"
},
"id": "CVE-2019-17178-9e923a88",
"digest": {
"length": 910.0,
"function_hash": "182161999730597109211945894636287786661"
},
"signature_type": "Function"
},
{
"source": "https://github.com/freerdp/freerdp/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "client/X11/generate_argument_docbook.c"
},
"id": "CVE-2019-17178-b16b382d",
"digest": {
"threshold": 0.9,
"line_hashes": [
"169942117269173459854457627031907093168",
"192678371756632553035970616533493584616",
"67712262644008916266627221126531232786",
"111352148105322516270348382852283456869",
"68688189215770436792667200383767070546",
"120400749965676790911622306983534637449",
"337960107116802670648657492232181897010",
"115590768827935740976323704459018392382",
"19501158130532074895777220320136227012",
"222911646423814009956664567931908529052",
"314707534127468225231502214208236632670",
"176978620197884198033439116035680797325",
"232962076676134982586978795924198445130",
"54923070188309183671310197226108892649",
"314707534127468225231502214208236632670",
"176978620197884198033439116035680797325",
"161703410555354982306830631585466092817",
"278765345449261648401903298331054283307",
"90260239477347542038201787329833467610",
"176978620197884198033439116035680797325",
"244861578303904110441648214358557235912",
"83582483396781978813770731794463705285",
"90260239477347542038201787329833467610",
"176978620197884198033439116035680797325",
"313217851107018138835367919458041581201",
"216904702782556537822758554598757525054",
"148190799425122740469724662021157560141",
"176978620197884198033439116035680797325"
]
},
"signature_type": "Line"
},
{
"source": "https://github.com/freerdp/freerdp/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "region16_union_rect",
"file": "libfreerdp/codec/region.c"
},
"id": "CVE-2019-17178-bc572671",
"digest": {
"length": 2888.0,
"function_hash": "153710806257076984915596454631468483510"
},
"signature_type": "Function"
},
{
"source": "https://github.com/freerdp/freerdp/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "libfreerdp/codec/region.c"
},
"id": "CVE-2019-17178-fd5cbcf7",
"digest": {
"threshold": 0.9,
"line_hashes": [
"236789859763925190122086759330866475518",
"303447436975685695637060891267598298600",
"238855805430459233328977818012291901312",
"320151404832153686982822229424724071681",
"306277995164946684417977004325037077541",
"321893086654608489648272653389745040833",
"320334514659870503550670014781451630788",
"269239849473155655800555847669994911240",
"116891536248283089850423111705276134785",
"110177783688515234290913881762732141893",
"238100245164064885829079799523851780215",
"11546404366772640448671224959801578622",
"31636775941089041245965245234738855235",
"300596855173215564464195492167778391485",
"100368184650351677725721506535300695529",
"143839062400987009432695694937797317323",
"111849370724169758773020147272706896899",
"225149152969146341033887566919266056394",
"17200948198447921021291136443610520655",
"288041447184418308804384182739267874627",
"14946096756773680099055441873743711075"
]
},
"signature_type": "Line"
}
]