FreeRDP is vulnerable to denial of service. A use-after-free in gdi_SelectObject causes clients using compatibility mode with /relax-order-checks
to be vulnerable to an application crash.
CPE | Name | Operator | Version |
---|---|---|---|
freerdp:3.12 | eq | 2.0.0-r0 | |
freerdp:edge | eq | 2.0.0_rc4-r1 | |
freerdp:edge | eq | 2.0.0-r0 | |
freerdp:3.12 | eq | 2.0.0-r0 | |
freerdp:edge | eq | 2.0.0_rc4-r1 | |
freerdp:edge | eq | 2.0.0-r0 |
lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html
www.freerdp.com/2020/06/22/2_1_2-released
github.com/FreeRDP/FreeRDP/commit/6d86e20e1e7caaab4f0c7f89e36d32914dbccc52
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gwcq-hpq2-m74g
lists.fedoraproject.org/archives/list/[email protected]/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/
lists.fedoraproject.org/archives/list/[email protected]/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/
usn.ubuntu.com/4481-1/