Lucene search

PRIOn knowledge basePRION:CVE-2014-0250

HistoryNov 16, 2014 - 5:59 p.m.

Integer overflow

2014-11-1617:59:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

85.8%

JSON

Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allow remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress function, which causes an incorrect amount of memory to be allocated.

CPENameOperatorVersion
freerdpeq1.0.2
freerdpeq1.0.0
freerdpeq1.0.1
opensuseeq12.3
opensuseeq13.1

Name	Operator	Version
freerdp	eq	1.0.2
freerdp	eq	1.0.0
freerdp	eq	1.0.1
opensuse	eq	12.3
opensuse	eq	13.1

References

advisories.mageia.org/MGASA-2014-0287.html

lists.opensuse.org/opensuse-updates/2014-07/msg00008.html

seclists.org/oss-sec/2014/q2/365

security.gentoo.org/glsa/glsa-201412-18.xml

www.mandriva.com/security/advisories?name=MDVSA-2015:171

www.securityfocus.com/bid/67670

bugzilla.redhat.com/show_bug.cgi?id=998934

github.com/FreeRDP/FreeRDP/issues/1871

github.com/FreeRDP/FreeRDP/pull/1874

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

85.8%

JSON

Related for PRION:CVE-2014-0250