FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the `ncrush_decompress` function. Feeding crafted input into this function can trigger the overflow, which has only been shown to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | freerdp2 | <= 2.10.0+dfsg1-1 | freerdp2_2.10.0+dfsg1-1_all.deb |
Debian | 11 | all | freerdp2 | <= 2.3.0+dfsg1-2+deb11u1 | freerdp2_2.3.0+dfsg1-2+deb11u1_all.deb |
Debian | 10 | all | freerdp2 | < 2.3.0+dfsg1-2+deb10u3 | freerdp2_2.3.0+dfsg1-2+deb10u3_all.deb |
Debian | 999 | all | freerdp2 | < 2.11.2+dfsg1-1 | freerdp2_2.11.2+dfsg1-1_all.deb |
Debian | 13 | all | freerdp2 | < 2.11.2+dfsg1-1 | freerdp2_2.11.2+dfsg1-1_all.deb |