out of bound read in rfx_process_message_tileset

Low
bmiklautz published GHSA-5mr4-28w3-rc84 May 29, 2020

Package

freerdp

Affected versions

<= 2.0.0

Patched versions

2.1.0

Description

Impact

  • All FreeRDP clients, all platforms

Invalid data fed to the RFX decoder results in garbage on screen (as colors).

Patches

Fixed with 2.1.0

Workarounds

Do not use /rfx, /gfx or /network:auto command line switches
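
One way to check a client launch against the version range and workaround above (an added example, not part of the advisory or of FreeRDP). The function names and the sample command line are assumptions; the version is passed in as a string rather than queried from the client.

```shell
#!/bin/sh
# Added example. Version bounds and switch names are from the advisory;
# function names and the sample command line are constructed.

# Succeeds if VERSION is <= 2.0.0 (affected); fails for 2.1.0 and later.
# A pre-release suffix is dropped, so 2.0.0-rc4 is treated as 2.0.0.
freerdp_affected() {
    ver=${1%%-*}
    old_ifs=$IFS; IFS=.
    set -- $ver
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    [ "$major" -lt 2 ] && return 0
    [ "$major" -gt 2 ] && return 1
    [ "$minor" -gt 0 ] && return 1
    [ "$patch" -gt 0 ] && return 1
    return 0
}

# Prints each argument that is /rfx, /gfx (bare or with a ":value"
# suffix) or /network:auto. Succeeds if at least one was found.
risky_switches() {
    found=1
    for arg in "$@"; do
        case $arg in
            /rfx|/gfx|/gfx:*|/network:auto)
                printf '%s\n' "$arg"
                found=0 ;;
        esac
    done
    return "$found"
}

# audit_invocation VERSION ARGS...
# Returns 0 = patched, 1 = affected but workaround followed, 2 = exposed.
audit_invocation() {
    version=$1; shift
    if ! freerdp_affected "$version"; then
        echo "ok: FreeRDP $version is patched"
        return 0
    fi
    if hits=$(risky_switches "$@"); then
        echo "exposed: FreeRDP $version run with:" $hits
        return 2
    fi
    echo "affected: FreeRDP $version, workaround followed; upgrade to 2.1.0"
    return 1
}

# Constructed sample invocation (host and user are placeholders).
audit_invocation 2.0.0 /v:rdp.example.test /u:alice /gfx || true
```
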

References

Severity

Low

CVE ID

CVE-2020-11043

Weaknesses

No CWEs