Vulnerability Details CVE-2019-17177
libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00005.html
- https://github.com/FreeRDP/FreeRDP/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a
- https://github.com/FreeRDP/FreeRDP/issues/5645
- https://security.gentoo.org/glsa/202005-07
- https://usn.ubuntu.com/4379-1/
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00005.html
- https://github.com/FreeRDP/FreeRDP/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a
- https://github.com/FreeRDP/FreeRDP/issues/5645
- https://security.gentoo.org/glsa/202005-07
- https://usn.ubuntu.com/4379-1/
Products affected by CVE-2019-17177
-
cpe:2.3:a:freerdp:freerdp:-
-
cpe:2.3:a:freerdp:freerdp:1.0.0
-
cpe:2.3:a:freerdp:freerdp:1.0.1
-
cpe:2.3:a:freerdp:freerdp:1.0.2
-
cpe:2.3:a:freerdp:freerdp:1.1.0
-
cpe:2.3:a:freerdp:freerdp:2.0.0
-
cpe:2.3:o:opensuse:leap:15.0
-
cpe:2.3:o:opensuse:leap:15.1