FreeRDP Remote Desktop Protocol Buffer Overread Vulnerability

Summary

A security issue affects older versions of FreeRDP. A malicious RDP server can send data that causes FreeRDP to access memory incorrectly, potentially leading to security problems. Update to version 3.23.0 or later to resolve the issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
freerdp	freerdp	<= 3.23.0	–

Original title

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a buffer overread in `freerdp_image_copy_from_icon_data()` (libfreerdp/codec/color.c) can be triggered by c...

Original description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a buffer overread in `freerdp_image_copy_from_icon_data()` (libfreerdp/codec/color.c) can be triggered by crafted RDP Window Icon (TS_ICON_INFO) data. The bug is reachable over the network when a client processes icon data from an RDP server (or from a man-in-the-middle). Version 3.23.0 fixes the issue.

nvd CVSS3.1 5.3

nvd CVSS4.0 5.5

Vulnerability type

CWE-126

https://github.com/FreeRDP/FreeRDP/commit/f5e20403d6e325e11b68129803f967fb5aeec1... Patch
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hr4m-ph4g-48j6 Patch Vendor Advisory