zgfx_decompress out of memory

Low
akallabeth published GHSA-mxv6-2cw6-m3mx Apr 23, 2024

Package

FreeRDP (C)

Affected versions

<= 2.11.6, <= 3.5.0

Patched versions

2.11.7, 3.5.1

Description

Impact

  • FreeRDP-based clients
  • A malicious server can crash the client by sending an invalid, huge allocation size

Patches

Workarounds

none

References

https://oss-fuzz.com/testcase-detail/5559242514825216

Severity

Low

CVE ID

CVE-2024-32660

Weaknesses

No CWEs