Описание
FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution.
Отчет
This issue did not affect the versions of freerdp as shipped with Red Hat Enterprise Linux 6 and 7 as they did not include support for ZGFX data compression.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | freerdp | Not affected | ||
| Red Hat Enterprise Linux 7 | freerdp | Not affected | ||
| Red Hat Enterprise Linux 8 | freerdp | Not affected |
Показывать по
Дополнительная информация
Статус:
6.5 Medium
CVSS3
Связанные уязвимости
FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution.
FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution.
FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overfl ...
FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution.
Уязвимость функции zgfx_decompress_segment() RDP-клиента FreeRDP, позволяющая нарушителю выполнить произвольный код
6.5 Medium
CVSS3