CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score: 9.3 High
Confidence: High
EPSS: 0.001 Low
Percentile: 29.8%
FreeRDP is vulnerable to an integer overflow in freerdp_bitmap_planar_context_reset that leads to a heap buffer overflow. A malicious server can prepare an RDPGFX_RESET_GRAPHICS_PDU so that buffers are allocated too small, which can later trigger out-of-bounds reads or writes.
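The bug class described above, as an added example that is not FreeRDP's code and is not taken from the advisory: a simplified C model of a size computation that wraps, next to a checked form that rejects the input before allocation. The function names, the 32-bit width and height inputs, and the width * height * planes sizing are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical sizing helpers (assumption, not FreeRDP code): the buffer must
 * hold `planes` planes of width * height bytes, with width and height taken
 * from a peer-controlled message. */

/* Unchecked form: the 32-bit product wraps modulo 2^32, so the caller
 * allocates far less than later width/height-driven loops will touch. */
static uint32_t plane_bytes_unchecked(uint32_t width, uint32_t height, uint32_t planes)
{
    return width * height * planes;
}

/* Checked form: refuse zero dimensions and any product that does not fit in
 * 32 bits, before anything is allocated. Returns false on rejection. */
static bool plane_bytes_checked(uint32_t width, uint32_t height, uint32_t planes,
                                uint32_t *out)
{
    if (width == 0 || height == 0 || planes == 0)
        return false;
    if (width > UINT32_MAX / height)
        return false; /* width * height would wrap */
    uint32_t plane = width * height;
    if (plane > UINT32_MAX / planes)
        return false; /* plane * planes would wrap */
    *out = plane * planes;
    return true;
}

int main(void)
{
    /* Constructed sample dimensions, not values from a real capture. */
    const uint32_t w = 65536, h = 65537, planes = 1;
    uint32_t size = 0;

    printf("unchecked: %u bytes for %ux%u\n",
           (unsigned)plane_bytes_unchecked(w, h, planes), (unsigned)w, (unsigned)h);
    printf("checked:   %s\n",
           plane_bytes_checked(w, h, planes, &size) ? "accepted" : "rejected");
    return plane_bytes_checked(1920, 1080, 4, &size) && size == 8294400u ? 0 : 1;
}
```

With the constructed 65536 x 65537 input the unchecked helper reports 65536 bytes for a surface that needs more than 4 GiB, which is the undersized allocation the description refers to; the checked helper rejects it.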
github.com/FreeRDP/FreeRDP/commit/939e922936e9c3ae8fc204968645e5e7563a2fff
github.com/FreeRDP/FreeRDP/commit/aeac3040cc99eeaff1e1171a822114c857b9dca9
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rjhp-44rv-7v59
lists.fedoraproject.org/archives/list/[email protected]/message/44VOA5KQQT7KQPW7CLST4Y4SQTKK3IOU/
lists.fedoraproject.org/archives/list/[email protected]/message/PIQE3YSPOJPAUS7DPWIBTR5IQSQX35VM/
secdb.alpinelinux.org/edge/community.yaml
secdb.alpinelinux.org/v3.19/community.yaml