Search CVE reports
81 – 90 of 94 results
Some fixes available 3 of 5
In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks. This has been patched in 2.1.0.
2 affected packages
freerdp, freerdp2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| freerdp | Not in release | Not in release | Not in release | Vulnerable |
| freerdp2 | Not affected | Not affected | Fixed | Fixed |
In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an...
2 affected packages
freerdp, freerdp2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| freerdp | — | — | Not in release | Not affected |
| freerdp2 | — | — | Fixed | Fixed |
In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has...
2 affected packages
freerdp, freerdp2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| freerdp | — | — | Not in release | Not affected |
| freerdp2 | — | — | Fixed | Fixed |
In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out of bound reads causing memory allocation with random size. This has been fixed in 2.1.0.
2 affected packages
freerdp, freerdp2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| freerdp | — | — | Not in release | Not affected |
| freerdp2 | — | — | Fixed | Fixed |
In FreeRDP less than or equal to 2.0.0, by providing manipulated input a malicious client can create a double free condition and crash the server. This is fixed in version 2.1.0.
2 affected packages
freerdp, freerdp2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| freerdp | — | — | Not in release | Not affected |
| freerdp2 | — | — | Fixed | Fixed |
HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also...
2 affected packages
freerdp2, freerdp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| freerdp2 | Not affected | Not affected | Not affected | Not affected |
| freerdp | Not in release | Not in release | Not in release | Needs evaluation |
Some fixes available 2 of 3
libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.
2 affected packages
freerdp, freerdp2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| freerdp | — | — | Not in release | Not affected |
| freerdp2 | — | — | Not affected | Fixed |
FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault).
2 affected packages
freerdp, freerdp2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| freerdp | — | — | — | Fixed |
| freerdp2 | — | — | — | Fixed |
FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution.
2 affected packages
freerdp, freerdp2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| freerdp | — | — | — | Fixed |
| freerdp2 | — | — | — | Fixed |
FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution.
2 affected packages
freerdp, freerdp2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| freerdp | — | — | — | Fixed |
| freerdp2 | — | — | — | Fixed |