CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence: High
EPSS
Percentile: 10.3%
libfreerdp.so is vulnerable to Out-of-bounds Read. The vulnerability is due to improper handling of nWidth and nHeight when both are zero, allowing an attacker to potentially access or modify memory outside the intended buffer limits.
github.com/FreeRDP/FreeRDP/commit/6430945ce003a5e24d454d8566f54aae1b6b617b
github.com/FreeRDP/FreeRDP/pull/10109
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8jgr-7r33-x87w
lists.fedoraproject.org/archives/list/[email protected]/message/5JL476WVJSIE7SBUKVJRVA6A52V2HOLZ/
lists.fedoraproject.org/archives/list/[email protected]/message/7SIS6NUNLUBOV4CPCSWKDE6T6C2W3WTR/
lists.fedoraproject.org/archives/list/[email protected]/message/PX3U6YPZQ7PEJBVKSBUOLWVH7DHROHY5/
lists.fedoraproject.org/archives/list/[email protected]/message/ZKI4UISUXYNBPN4K6TIQKDRTIJ6CDCKJ/
oss-fuzz.com/testcase-detail/6156779722440704