Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:43133
HistorySep 05, 2023 - 3:11 a.m.

Out-Of-Bound Read

2023-09-0503:11:21
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
libfreerdp.so
out-of-bound read
integer underflow
zgfx_decompress_segment

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

EPSS

0.001

Percentile

38.3%

libfreerdp.so is vulnerable to Out-Of-Bound Read. The vulnerability exists due to the integer underflow in the cBitsRemaining calculation in the zgfx_decompress_segment function of zgfx.c, which allows an attacker to read data beyond the transmitted packet range in the context of CopyMemory, leading to a crash of the application.

CPENameOperatorVersion
libfreerdp.sole1.2.0
libfreerdp.sole1.2.0

References

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

EPSS

0.001

Percentile

38.3%