PT-2019-14984 · Lodepng+2 · Lodepng+2

Nico Waisman

Publicado

2015-04-01

Atualizado

2021-07-21

CVE-2019-17178

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions LodePNG versions through 2019-09-28

Description The issue is related to a memory leak in the HuffmanTree makeFromFrequencies function in lodepng.c. This leak occurs because a supplied realloc pointer is also used for a realloc return value. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited.

Recommendations For LodePNG versions through 2019-09-28, update to a version released after 2019-09-28 to resolve the memory leak issue in the HuffmanTree makeFromFrequencies function.

Correção

Memory Leak

Unchecked Return Value

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-401CWE-252

Identificadores relacionados

ALT-PU-2015-1346

CVE-2019-17178

MGASA-2019-0401

OPENSUSE-SU-2019:2604-1

OPENSUSE-SU-2019:2608-1

OPENSUSE-SU-2019_2604-1

OPENSUSE-SU-2019_2608-1

SUSE-SU-2019:3077-1

SUSE-SU-2019:3078-1

SUSE-SU-2019:3079-1

Produtos afetados

Alt Linux

Lodepng

Suse

PT-2019-14984 · Lodepng+2 · Lodepng+2

CVE-2019-17178

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 30