Skip to content

Integer overflow in RDPEGFX channel

Low
bmiklautz published GHSA-4r38-6hq7-j3j9 Jul 25, 2020

Package

FreeRDP

Affected versions

<= 2.1.2

Patched versions

2.2.0

Description

Impact

  • Integer overflow due to missing input sanitation in rdpegfx channel
  • All FreeRDP clients are affected
  • The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a memcpy)

Patches

  • Upgrade to 2.2.0

Workarounds

  • stop using command line arguments /gfx, /gfx-h264 and /network:auto

References

For more information

If you have any questions or comments about this advisory:

Severity

Low

CVE ID

CVE-2020-15103

Weaknesses

No CWEs