FreeRDP is a free implementation of the Remote Desktop Protocol. Versions on the 2.x branch prior to 2.11.8 and on the 3.x branch prior to 3.23.0 have an out-of-bounds read vulnerability in the FreeRDP client's RDPGFX channel that allows a malicious RDP server to read uninitialized heap memory by sending a crafted WIRE_TO_SURFACE_2 PDU with a bitmapDataLength value larger than the actual data in the packet. This can lead to information disclosure or client crashes when a user connects to a malicious server. Versions 2.11.8 and 3.23.0 fix the issue.
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
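The missing validation described above, a declared bitmapDataLength that is never compared with the bytes actually received, is shown here as an added example; it is not FreeRDP's code or its patch. The field layout is an assumption taken from MS-RDPEGFX, and the `w2s2_*` names and sample bytes are hypothetical and constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed body layout after the 8-byte RDPGFX header (per MS-RDPEGFX):
 * surfaceId u16, codecId u16, codecContextId u32, pixelFormat u8,
 * bitmapDataLength u32, then bitmapData. All fields little-endian. */
#define W2S2_FIXED_LEN 13u

typedef struct {
    uint16_t surface_id, codec_id;
    uint32_t codec_context_id;
    uint8_t pixel_format;
    uint32_t bitmap_len;
    const uint8_t *bitmap; /* points into the caller's buffer, not a copy */
} w2s2_pdu;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns 0 on success, -1 if the body is truncated or bitmapDataLength
 * claims more bytes than the packet actually carries. */
int w2s2_parse(const uint8_t *body, size_t body_len, w2s2_pdu *out)
{
    if (!body || !out || body_len < W2S2_FIXED_LEN)
        return -1;
    out->surface_id = rd16(body);
    out->codec_id = rd16(body + 2);
    out->codec_context_id = rd32(body + 4);
    out->pixel_format = body[8];
    out->bitmap_len = rd32(body + 9);
    /* Compare the server-declared length with the bytes that remain.
     * Subtracting from body_len (already >= 13) cannot wrap around. */
    if (out->bitmap_len > body_len - W2S2_FIXED_LEN)
        return -1;
    out->bitmap = body + W2S2_FIXED_LEN;
    return 0;
}

/* Constructed sample bodies, not captured traffic. */
const uint8_t w2s2_sample_ok[17] = { 1,0, 0x0A,0, 1,0,0,0, 0x20,
                                     4,0,0,0, 0xAA,0xBB,0xCC,0xDD };
const uint8_t w2s2_sample_bad[17] = { 1,0, 0x0A,0, 1,0,0,0, 0x20,
                                      0,0x10,0,0, 0xAA,0xBB,0xCC,0xDD };
```

`w2s2_sample_bad` declares 0x1000 bytes of bitmap data while carrying four, which is the mismatch the advisory describes; the parser rejects it before any decoder sees the length.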