FreeRDP prior to version 2.0.0-rc4 contains several out-of-bounds reads in the NTLM authentication module that results in a denial of service (segfault).
Tag: FreeRDP
ASA-2019-00070 – FreeRDP: Out-of-bounds write of up to 4 bytes in function nsc_rle_decode()
FreeRDP prior to version 2.0.0-rc4 contains an out-of-bounds write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution.
ASA-2019-00069 – FreeRDP: Integer overflow that leads to a heap-based buffer overflow in function gdi_Bitmap_Decompress()
FreeRDP prior to version 2.0.0-rc4 contains an integer overflow that leads to a heap-based buffer overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution.
ASA-2019-00068 – FreeRDP: Integer truncation that leads to a heap-based buffer overflow in function update_read_bitmap_update()
FreeRDP prior to version 2.0.0-rc4 contains an integer truncation that leads to a heap-based buffer overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.
ASA-2019-00067 – FreeRDP: Heap-based buffer overflow in function zgfx_decompress()
FreeRDP prior to version 2.0.0-rc4 contains a heap-based buffer overflow in function zgfx_decompress() that results in a memory corruption and probably even a remote code execution.
ASA-2019-00066 – FreeRDP: Heap-based buffer overflow in function zgfx_decompress_segment()
FreeRDP prior to version 2.0.0-rc4 contains a heap-based buffer overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution.