FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, deleting an offscreen bitmap leaves gdi->drawing pointing to freed memory, causing a use-after-free (UAF) when related update packets arrive. A malicious server can trigger the client-side use-after-free, causing a crash (DoS) and potential heap corruption with code-execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.
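The dangling-pointer pattern described above, as an added example that is not FreeRDP's code or its actual patch: a simplified model in which only the name gdi->drawing comes from the advisory, and all other types, functions and the retarget-to-primary mitigation are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified model, not FreeRDP's real types (assumption): only the
 * drawing pointer mirrors the advisory's gdi->drawing. */
struct bitmap { uint32_t *px; unsigned w, h; };
struct gdi {
    struct bitmap *primary;   /* always-valid screen surface */
    struct bitmap *drawing;   /* current render target */
    struct bitmap *cache[4];  /* offscreen bitmaps, indexed by a server-chosen id */
};

static struct bitmap *bitmap_new(unsigned w, unsigned h) {
    struct bitmap *b = calloc(1, sizeof *b);
    if (!b) return NULL;
    b->px = calloc((size_t)w * h, sizeof *b->px);
    if (!b->px) { free(b); return NULL; }
    b->w = w; b->h = h;
    return b;
}
static void bitmap_free(struct bitmap *b) { if (b) { free(b->px); free(b); } }

/* Delete cache[id]. Returns 1 if drawing was left pointing at the freed bitmap. */
static int offscreen_delete(struct gdi *g, unsigned id, int hardened) {
    if (id >= 4 || !g->cache[id]) return 0;
    struct bitmap *victim = g->cache[id];
    int was_target = (g->drawing == victim);  /* compare before freeing */
    if (hardened && was_target)
        g->drawing = g->primary;              /* retarget before the free */
    g->cache[id] = NULL;
    bitmap_free(victim);
    return was_target && !hardened;
}

/* Constructed sequence: create, switch surface, delete. Returns the dangling flag. */
static int run_sequence(int hardened) {
    struct gdi g = {0};
    g.primary = bitmap_new(8, 8);
    g.cache[1] = bitmap_new(4, 4);
    if (!g.primary || !g.cache[1]) { bitmap_free(g.primary); bitmap_free(g.cache[1]); return -1; }
    g.drawing = g.cache[1];                   /* "switch surface" update */
    int dangling = offscreen_delete(&g, 1, hardened);
    if (!dangling)
        g.drawing->px[0] = 0xFFFFFFFFu;       /* a later draw update is safe */
    bitmap_free(g.primary);
    return dangling;
}
int main(void) { printf("%d %d\n", run_sequence(0), run_sequence(1)); return 0; }
```

The unhardened path never dereferences the stale pointer here; it only reports that one was left behind, which is the state a later update packet would act on.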
CVSS 4.0 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
Exploitability: AV:N, AC:L, AT:N, PR:N, UI:N
Vulnerable System: VC:N, VI:N, VA:H
Subsequent System: SC:N, SI:N, SA:N