Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:43161
HistorySep 06, 2023 - 2:17 a.m.

Out-Of-Bounds Write

2023-09-0602:17:03
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
libfreerdp.so
out-of-bounds write
progressive_decompress
software

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

46.0%

libfreerdp.so is vulnerable to Out-Of-Bounds Write. The vulnerability occurs while calculating nXSrc and nYSrc variables in the progressive_decompress function of progressive.c due to the missing destination checks, which allows an attacker to cause out-of-bound write.

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

46.0%