Vulnerabilities (CVE)

Filtered by vendor Freerdp
Total 74 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-13397 4 Canonical, Debian, Freerdp and 1 more 4 Ubuntu Linux, Debian Linux, Freerdp and 1 more 2020-11-09 2.1 LOW 5.5 MEDIUM
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value.
CVE-2020-13396 4 Canonical, Debian, Freerdp and 1 more 4 Ubuntu Linux, Debian Linux, Freerdp and 1 more 2020-11-09 5.5 MEDIUM 7.1 HIGH
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c.
CVE-2018-8784 2 Canonical, Freerdp 2 Ubuntu Linux, Freerdp 2020-09-29 7.5 HIGH 9.8 CRITICAL
FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution.
CVE-2018-8785 2 Canonical, Freerdp 2 Ubuntu Linux, Freerdp 2020-09-29 7.5 HIGH 9.8 CRITICAL
FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probably even a remote code execution.
CVE-2018-8786 5 Canonical, Debian, Fedoraproject and 2 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2020-09-28 7.5 HIGH 9.8 CRITICAL
FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.
CVE-2018-8787 4 Canonical, Debian, Freerdp and 1 more 9 Ubuntu Linux, Debian Linux, Freerdp and 6 more 2020-09-28 7.5 HIGH 9.8 CRITICAL
FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution.
CVE-2014-0791 1 Freerdp 1 Freerdp 2020-08-29 6.8 MEDIUM N/A
Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP servers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ScopeCount value in a Scope List in a Server License Request packet.
CVE-2018-1000852 3 Canonical, Fedoraproject, Freerdp 3 Ubuntu Linux, Fedora, Freerdp 2020-08-07 6.4 MEDIUM 6.5 MEDIUM
FreeRDP 2.0.0-rc3 (released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3) contains an Other/Unknown vulnerability in drdynvc_process_capability_request in channels/drdynvc/client/drdynvc_main.c that can result in the RDP server reading the client's memory. This attack appears to be exploitable when the RDP client connects to the RDP server with the echo option. This vulnerability appears to have been fixed after commit 205c612820dac644d665b5bb1cdf437dc5ca01e3.
CVE-2020-11047 2 Canonical, Freerdp 2 Ubuntu Linux, Freerdp 2020-06-09 4.9 MEDIUM 5.9 MEDIUM
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. A malicious server can extract up to 8 bytes of client memory with a manipulated message by providing a short input and reading the measurement result data. This has been patched in 2.0.0.
CVE-2013-4118 2 Freerdp, Opensuse 3 Freerdp, Leap, Opensuse 2020-03-06 5.0 MEDIUM 7.5 HIGH
FreeRDP before 1.1.0-beta1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.
CVE-2014-0250 2 Freerdp, Opensuse 2 Freerdp, Opensuse 2020-03-06 7.5 HIGH N/A
Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allow remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress function, which causes an incorrect amount of memory to be allocated.
CVE-2013-4119 1 Freerdp 1 Freerdp 2020-03-06 5.0 MEDIUM 7.5 HIGH
FreeRDP before 1.1.0-beta+2013071101 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by disconnecting before authentication has finished.
CVE-2018-8788 3 Canonical, Debian, Freerdp 3 Ubuntu Linux, Debian Linux, Freerdp 2019-06-03 7.5 HIGH 9.8 CRITICAL
FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution.
CVE-2018-8789 3 Canonical, Debian, Freerdp 3 Ubuntu Linux, Debian Linux, Freerdp 2019-06-03 5.0 MEDIUM 7.5 HIGH
FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault).