rpm package
suse/freerdp&distro=SUSE Linux Enterprise Desktop 12 SP4
pkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4
Vulnerabilities (10)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-17177 | — | < 2.0.0~git.1463131968.4e66df7-12.11.1 | 2.0.0~git.1463131968.4e66df7-12.11.1 | Oct 4, 2019 | libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value. | ||
| CVE-2019-17178 | — | < 2.0.0~git.1463131968.4e66df7-12.11.1 | 2.0.0~git.1463131968.4e66df7-12.11.1 | Oct 4, 2019 | HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value. | ||
| CVE-2018-1000852 | — | < 2.0.0~git.1463131968.4e66df7-12.8.1 | 2.0.0~git.1463131968.4e66df7-12.8.1 | Dec 20, 2018 | FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server can read the client's memory.. | ||
| CVE-2018-8789 | — | < 2.0.0~git.1463131968.4e66df7-12.8.1 | 2.0.0~git.1463131968.4e66df7-12.8.1 | Nov 29, 2018 | FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault). | ||
| CVE-2018-8788 | — | < 2.0.0~git.1463131968.4e66df7-12.8.1 | 2.0.0~git.1463131968.4e66df7-12.8.1 | Nov 29, 2018 | FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution. | ||
| CVE-2018-8787 | — | < 2.0.0~git.1463131968.4e66df7-12.8.1 | 2.0.0~git.1463131968.4e66df7-12.8.1 | Nov 29, 2018 | FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution. | ||
| CVE-2018-8786 | — | < 2.0.0~git.1463131968.4e66df7-12.8.1 | 2.0.0~git.1463131968.4e66df7-12.8.1 | Nov 29, 2018 | FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution. | ||
| CVE-2018-8785 | — | < 2.0.0~git.1463131968.4e66df7-12.8.1 | 2.0.0~git.1463131968.4e66df7-12.8.1 | Nov 29, 2018 | FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probably even a remote code execution. | ||
| CVE-2018-8784 | — | < 2.0.0~git.1463131968.4e66df7-12.8.1 | 2.0.0~git.1463131968.4e66df7-12.8.1 | Nov 29, 2018 | FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution. | ||
| CVE-2018-0886 | Hig | 7.0 | < 2.0.0~git.1463131968.4e66df7-12.8.1 | 2.0.0~git.1463131968.4e66df7-12.8.1 | Mar 14, 2018 | The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016 and Windows Server, version 1709 allows |
- CVE-2019-17177Oct 4, 2019affected < 2.0.0~git.1463131968.4e66df7-12.11.1fixed 2.0.0~git.1463131968.4e66df7-12.11.1
libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.
- CVE-2019-17178Oct 4, 2019affected < 2.0.0~git.1463131968.4e66df7-12.11.1fixed 2.0.0~git.1463131968.4e66df7-12.11.1
HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.
- CVE-2018-1000852Dec 20, 2018affected < 2.0.0~git.1463131968.4e66df7-12.8.1fixed 2.0.0~git.1463131968.4e66df7-12.8.1
FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server can read the client's memory..
- CVE-2018-8789Nov 29, 2018affected < 2.0.0~git.1463131968.4e66df7-12.8.1fixed 2.0.0~git.1463131968.4e66df7-12.8.1
FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault).
- CVE-2018-8788Nov 29, 2018affected < 2.0.0~git.1463131968.4e66df7-12.8.1fixed 2.0.0~git.1463131968.4e66df7-12.8.1
FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution.
- CVE-2018-8787Nov 29, 2018affected < 2.0.0~git.1463131968.4e66df7-12.8.1fixed 2.0.0~git.1463131968.4e66df7-12.8.1
FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution.
- CVE-2018-8786Nov 29, 2018affected < 2.0.0~git.1463131968.4e66df7-12.8.1fixed 2.0.0~git.1463131968.4e66df7-12.8.1
FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.
- CVE-2018-8785Nov 29, 2018affected < 2.0.0~git.1463131968.4e66df7-12.8.1fixed 2.0.0~git.1463131968.4e66df7-12.8.1
FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probably even a remote code execution.
- CVE-2018-8784Nov 29, 2018affected < 2.0.0~git.1463131968.4e66df7-12.8.1fixed 2.0.0~git.1463131968.4e66df7-12.8.1
FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution.
- affected < 2.0.0~git.1463131968.4e66df7-12.8.1fixed 2.0.0~git.1463131968.4e66df7-12.8.1
The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016 and Windows Server, version 1709 allows