{"id":"CVE-2019-17177","details":"libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.","modified":"2026-04-02T01:47:06.201747Z","published":"2019-10-04T17:15:10.003Z","related":["MGASA-2019-0401","SUSE-SU-2019:3077-1","SUSE-SU-2019:3078-1","SUSE-SU-2019:3079-1","openSUSE-SU-2019:2604-1","openSUSE-SU-2019:2608-1","openSUSE-SU-2024:10768-1"],"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00005.html"},{"type":"ADVISORY","url":"https://github.com/FreeRDP/FreeRDP/issues/5645"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202005-07"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4379-1/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00004.html"},{"type":"FIX","url":"https://github.com/FreeRDP/FreeRDP/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/freerdp/freerdp","events":[{"introduced":"0"},{"last_affected":"616aed4ec2889f379b9d1e840230d9a33cda8bf0"},{"introduced":"0"},{"last_affected":"1be90abcb9440b6f14b3fca4d7b462d9b3ce6432"},{"introduced":"0"},{"last_affected":"1648deb435ad52206f7aa2afe4b4dff71d9329bc"},{"introduced":"0"},{"last_affected":"84f8161897534d9263ffebe43092827d40fc7ffb"},{"introduced":"0"},{"last_affected":"7a7b180277a9c04809bf07a54882d7c33eeeb9f9"},{"introduced":"0"},{"last_affected":"a4f147683db7aa99a6075aeaf7c698bc6ba84d11"},{"introduced":"0"},{"last_affected":"e21b72c95f857817b4b32b5ef5406355c005a9e8"},{"fixed":"9fee4ae076b1ec97b97efb79ece08d1dab4df29a"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.0.2"},{"introduced":"0"},{"last_affected":"1.1.0-beta1"},{"introduced":"0"},{"last_affected":"2.0.0-rc0"},{"introduced":"0"},{"last_affected":"2.0.0-rc1"},{"introduced":"0"},{"last_affected":"2.0.0-rc2"},{"introduced":"0"},{"last_affected":"2.0.0-rc3"},{"introduced":"0"},{"last_affected":"2.0.0-rc4"}]}}],"versions":["1.0-beta1","1.0-beta2","1.0-beta3","1.0-beta4","1.0-beta5","1.0.0","1.0.1","1.0.2","1.0.2-rc1","1.0.2-rc2","1.1.0-beta1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-17177.json","vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["269215551196728372072229002611498048274","60882436054191971992951776647637498497","246423792840165743178928287324492503526","186775369845774264331823368553861729311","121033979759465712227962233428386596536","333459367581250853282024688279097815294","52652199316993592414430078609399706190","281242411092693082450489738599220562788","293078200095957182578457349885119669019"]},"target":{"file":"winpr/libwinpr/utils/lodepng/lodepng.c"},"source":"https://github.com/freerdp/freerdp/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a","signature_version":"v1","deprecated":false,"signature_type":"Line","id":"CVE-2019-17177-4f8c096a"},{"digest":{"function_hash":"111556578513038953191829364359908659521","length":2318},"target":{"function":"tr_esc_str","file":"client/X11/generate_argument_docbook.c"},"source":"https://github.com/freerdp/freerdp/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2019-17177-7ec9b5d0"},{"digest":{"function_hash":"238058498232279513812602263336545750696","length":1417},"target":{"function":"region16_intersect_rect","file":"libfreerdp/codec/region.c"},"source":"https://github.com/freerdp/freerdp/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2019-17177-80fe4fbc"},{"digest":{"function_hash":"182161999730597109211945894636287786661","length":910},"target":{"function":"region16_simplify_bands","file":"libfreerdp/codec/region.c"},"source":"https://github.com/freerdp/freerdp/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2019-17177-9e923a88"},{"digest":{"threshold":0.9,"line_hashes":["169942117269173459854457627031907093168","192678371756632553035970616533493584616","67712262644008916266627221126531232786","111352148105322516270348382852283456869","68688189215770436792667200383767070546","120400749965676790911622306983534637449","337960107116802670648657492232181897010","115590768827935740976323704459018392382","19501158130532074895777220320136227012","222911646423814009956664567931908529052","314707534127468225231502214208236632670","176978620197884198033439116035680797325","232962076676134982586978795924198445130","54923070188309183671310197226108892649","314707534127468225231502214208236632670","176978620197884198033439116035680797325","161703410555354982306830631585466092817","278765345449261648401903298331054283307","90260239477347542038201787329833467610","176978620197884198033439116035680797325","244861578303904110441648214358557235912","83582483396781978813770731794463705285","90260239477347542038201787329833467610","176978620197884198033439116035680797325","313217851107018138835367919458041581201","216904702782556537822758554598757525054","148190799425122740469724662021157560141","176978620197884198033439116035680797325"]},"target":{"file":"client/X11/generate_argument_docbook.c"},"source":"https://github.com/freerdp/freerdp/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a","signature_version":"v1","deprecated":false,"signature_type":"Line","id":"CVE-2019-17177-b16b382d"},{"digest":{"function_hash":"153710806257076984915596454631468483510","length":2888},"target":{"function":"region16_union_rect","file":"libfreerdp/codec/region.c"},"source":"https://github.com/freerdp/freerdp/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2019-17177-bc572671"},{"digest":{"threshold":0.9,"line_hashes":["236789859763925190122086759330866475518","303447436975685695637060891267598298600","238855805430459233328977818012291901312","320151404832153686982822229424724071681","306277995164946684417977004325037077541","321893086654608489648272653389745040833","320334514659870503550670014781451630788","269239849473155655800555847669994911240","116891536248283089850423111705276134785","110177783688515234290913881762732141893","238100245164064885829079799523851780215","11546404366772640448671224959801578622","31636775941089041245965245234738855235","300596855173215564464195492167778391485","100368184650351677725721506535300695529","143839062400987009432695694937797317323","111849370724169758773020147272706896899","225149152969146341033887566919266056394","17200948198447921021291136443610520655","288041447184418308804384182739267874627","14946096756773680099055441873743711075"]},"target":{"file":"libfreerdp/codec/region.c"},"source":"https://github.com/freerdp/freerdp/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a","signature_version":"v1","deprecated":false,"signature_type":"Line","id":"CVE-2019-17177-fd5cbcf7"}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.1.0-beta"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.0-beta1"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.1"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}