FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the ClearCodec bands decode path when crafted band coordinates allow writes past the end of the destination surface buffer. A malicious server can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.
1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1
1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2
1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3
1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4
1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1
1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1
1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2
2.6.1+dfsg1-3ubuntu2.8
3.5.1+dfsg1-0ubuntu1.4
3.16.0+dfsg-2ubuntu0.3
2.2.0+dfsg1-0ubuntu0.18.04.4+esm3
2.6.1+dfsg1-0ubuntu0.20.04.2+esm1
2.11.5+dfsg1-1ubuntu0.1~esm3

Exploitability: AV:N AC:L AT:N PR:N UI:N
Vulnerable System: VC:N VI:N VA:H
Subsequent System: SC:N SI:N SA:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
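
The class of check that keeps band coordinates from writing past the destination surface, shown as an added example; this is not FreeRDP's code or its 3.21.0 patch. The struct and function names are hypothetical, and the sketch assumes inclusive 16-bit band coordinates taken relative to a destination origin (dst_x, dst_y).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical types for illustration; not FreeRDP's structures. */
typedef struct {
    uint16_t x_start, x_end;   /* inclusive column range (assumed) */
    uint16_t y_start, y_end;   /* inclusive row range (assumed) */
} band_rect;

typedef struct {
    uint32_t width, height;    /* surface size in pixels */
    uint32_t stride;           /* bytes per row */
    uint32_t bytes_per_pixel;
    size_t   size;             /* bytes actually allocated */
} surface_desc;

/* Returns true only if every pixel of the band, placed at (dst_x, dst_y),
 * lands inside the allocated destination buffer. */
bool band_fits_surface(const band_rect *b, uint32_t dst_x, uint32_t dst_y,
                       const surface_desc *s)
{
    /* Reject inverted ranges before any arithmetic uses them. */
    if (b->x_end < b->x_start || b->y_end < b->y_start)
        return false;
    /* A row must hold at least `width` pixels, or the claimed
     * geometry itself cannot be trusted. */
    if (s->bytes_per_pixel == 0 || s->stride / s->bytes_per_pixel < s->width)
        return false;

    /* Widen first: uint32 + uint16 cannot wrap in 64 bits. */
    uint64_t last_x = (uint64_t)dst_x + b->x_end;
    uint64_t last_y = (uint64_t)dst_y + b->y_end;
    if (last_x >= s->width || last_y >= s->height)
        return false;

    /* Offset one past the last byte the band would write, compared
     * against the real allocation rather than the claimed geometry. */
    uint64_t end = last_y * s->stride + (last_x + 1) * s->bytes_per_pixel;
    return end <= s->size;
}
```

The final comparison uses the allocated size on purpose: a surface whose recorded width and height disagree with its buffer still gets rejected.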