bmiklautz published GHSA-4r38-6hq7-j3j9 on Jul 25, 2020
Package
FreeRDP
Affected versions
<= 2.1.2
Patched versions
2.2.0
Description
Impact
Integer overflow due to missing input sanitization in the rdpegfx channel.
All FreeRDP clients are affected.
The input rectangles sent by the server are not checked against the local surface coordinates and are accepted blindly. A malicious server can send data that will crash the client later on (invalid length arguments to a memcpy).
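The kind of check described above as missing, shown as an added example; it is not FreeRDP's code and not the 2.2.0 patch. The types `rect16` and `surface`, the functions `rect_in_surface` and `copy_rect`, and the 4-byte pixel size are hypothetical, and the local surface is assumed to be trusted (`stride >= width * BPP`, `data` holds `height * stride` bytes).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical types for illustration; not FreeRDP's own definitions. */
typedef struct { uint16_t left, top, right, bottom; } rect16; /* right/bottom exclusive */
typedef struct { uint32_t width, height, stride; uint8_t *data; } surface;

#define BPP 4u /* assumed bytes per pixel */

/* Accept a server-supplied rectangle only if it is non-empty, correctly
 * ordered and entirely inside the local surface. */
bool rect_in_surface(const rect16 *r, const surface *s)
{
    if (r->left >= r->right || r->top >= r->bottom)
        return false; /* empty or inverted: a length derived from it would be huge as size_t */
    return r->right <= s->width && r->bottom <= s->height;
}

/* Copy tightly packed pixel rows from src into the surface at r.
 * Returns false, copying nothing, if r or src_len fails validation. */
bool copy_rect(surface *s, const rect16 *r, const uint8_t *src, size_t src_len)
{
    if (!rect_in_surface(r, s))
        return false;
    size_t rows = (size_t)(r->bottom - r->top);
    size_t row_bytes = (size_t)(r->right - r->left) * BPP; /* <= 65535 * 4 */
    if (src_len / row_bytes < rows)
        return false; /* payload shorter than the rectangle claims */
    for (size_t y = 0; y < rows; y++)
        memcpy(s->data + (r->top + y) * s->stride + (size_t)r->left * BPP,
               src + y * row_bytes, row_bytes);
    return true;
}

int main(void)
{
    uint8_t pixels[4 * 4 * BPP] = { 0 };  /* constructed 4x4 surface */
    surface s = { 4, 4, 4 * BPP, pixels };
    uint8_t payload[2 * 2 * BPP] = { 0 }; /* constructed 2x2 update */
    rect16 inside = { 1, 1, 3, 3 }, outside = { 2, 2, 6, 3 }, inverted = { 3, 1, 1, 3 };
    printf("inside=%d outside=%d inverted=%d\n",
           copy_rect(&s, &inside, payload, sizeof payload),
           copy_rect(&s, &outside, payload, sizeof payload),
           copy_rect(&s, &inverted, payload, sizeof payload));
    return 0;
}
```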
Patches
Upgrade to 2.2.0
Workarounds
Stop using the command line arguments /gfx, /gfx-h264 and /network:auto.
For more information
If you have any questions or comments about this advisory: