Search CVE reports
81 – 90 of 103 results
CVE-2020-11046
Medium priorityIn FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds seek in update_read_synchronize that could lead to a later out-of-bounds read.
2 affected packages
freerdp, freerdp2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| freerdp | — | — | Not in release | Fixed | Fixed |
| freerdp2 | — | — | Fixed | Fixed | Not in release |
CVE-2020-11045
Medium priorityIn FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in in update_read_bitmap_data that allows client memory to be read to an image buffer. The result displayed on screen as colour.
2 affected packages
freerdp, freerdp2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| freerdp | — | — | Not in release | Fixed | Fixed |
| freerdp2 | — | — | Fixed | Fixed | Not in release |
CVE-2020-11044
Medium priorityIn FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0.
2 affected packages
freerdp, freerdp2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| freerdp | — | — | Not in release | Not affected | Not affected |
| freerdp2 | — | — | Fixed | Fixed | Not in release |
CVE-2020-11042
Medium priorityIn FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading a attacker-defined amount of client memory (32bit unsigned -> 4GB) to an intermediate buffer. This can be...
2 affected packages
freerdp, freerdp2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| freerdp | — | — | Not in release | Fixed | Fixed |
| freerdp2 | — | — | Fixed | Fixed | Not in release |
CVE-2019-17178
Low priorityHuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also...
2 affected packages
freerdp, freerdp2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| freerdp | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| freerdp2 | Not affected | Not affected | Not affected | Not affected | Not in release |
CVE-2019-17177
Low prioritySome fixes available 2 of 3
libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.
2 affected packages
freerdp, freerdp2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| freerdp | — | — | Not in release | Not affected | Not affected |
| freerdp2 | — | — | Not affected | Fixed | Not in release |
CVE-2018-1000852
Low prioritySome fixes available 1 of 2
FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result...
2 affected packages
freerdp, freerdp2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| freerdp | — | — | Not in release | Not affected | Not affected |
| freerdp2 | — | — | Not affected | Fixed | Not in release |
CVE-2018-8789
Medium priorityFreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault).
2 affected packages
freerdp, freerdp2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| freerdp | — | — | — | Fixed | Fixed |
| freerdp2 | — | — | — | Fixed | Not in release |
CVE-2018-8788
Medium priorityFreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution.
2 affected packages
freerdp, freerdp2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| freerdp | — | — | — | Fixed | Fixed |
| freerdp2 | — | — | — | Fixed | Not in release |
CVE-2018-8787
Medium priorityFreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution.
2 affected packages
freerdp, freerdp2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| freerdp | — | — | — | Fixed | Fixed |
| freerdp2 | — | — | — | Fixed | Not in release |