FreeRDP prior to version 2.0.0-rc4 contains a heap-based buffer overflow in the function zgfx_decompress() that results in memory corruption and probably even remote code execution. The signature entries below are identified as CVE-2018-8785.
[
{
"source": "https://github.com/freerdp/freerdp/commit/602f4a2e14b41703b5f431de3154cd46a5750a2d",
"target": {
"file": "include/freerdp/codec/zgfx.h"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2018-8785-3d6dbd58",
"digest": {
"threshold": 0.9,
"line_hashes": [
"171318857615434305103868353373347401026",
"126879061704302225276850893636598577061",
"288643554774339084636302020916721372641",
"159575444503892091637188374424194233139",
"125803571012187168895245295538840102256",
"108301676587632000074685429447527943786",
"89964981123251029047856481982713146609",
"28465286330426044407674087024628006927",
"193279538454069526369357701508561593718",
"255025816971852424310420464121101197015",
"187165041423917341570922348636573559671",
"297328310955153656922954370780556935392",
"114946725377952051774154391136204482136",
"281565084121182456440438764274530564272",
"169132286192010401475866937038799914034",
"21022000495400926784530149428950853035",
"194185210989642556862374418840857631169",
"290394900242427724301642579796475088070",
"63040545597896007387126346079048702373",
"22947327746539632036195003880151043527",
"271294670260486936320213940862031675261",
"40276754901763998729403347250462254840",
"282953022741559062865115942210257831115",
"218481686813916003269010678079394500200",
"138285938561986672094772847282166150604",
"82154962552781615333622910154204477798"
]
},
"signature_type": "Line"
},
{
"source": "https://github.com/freerdp/freerdp/commit/602f4a2e14b41703b5f431de3154cd46a5750a2d",
"target": {
"file": "libfreerdp/codec/zgfx.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2018-8785-4107a888",
"digest": {
"threshold": 0.9,
"line_hashes": [
"211914859406272048573373643485869386910",
"316350969647573345033485944242927935086",
"153924358498147806064550232867249625971",
"126773402608693904588725442629026589446",
"108555450789418878317743574318509310160",
"249444082236265128818936789362674969404",
"43524453607316201734781905139916788412",
"48704473415701958551739302285835797960",
"11746768229264577638097488343907716083",
"225093502494380624320366450649808787381",
"198164708002154154246585153268708514531",
"134026908840211233980241665155009683149",
"138250544759356659348855944840383257036",
"210485603361963462901156634949968695014",
"100840972518471233083017063461192225496",
"70288751856035211943902779333071366924",
"177574237666916054501961411928866636758",
"161221231866629027214656856789443898455",
"101872172283870639836839087345183776244",
"183004235591668635388793416221527180952",
"298437649471649633217563878836004963970",
"162385472100725117259729598207822881628",
"41129031060202863644482772229506692175",
"163544055115317878678278670022642165044",
"44557879043890664797803257575318115529",
"248742884465377031765431311570760123739",
"7208140483740697429081407101494720205",
"250513356280408871578634457956152772412",
"204253732601500993850061503682101931295",
"317842043031219052224841167671528814571",
"61629990090585689138645113265582666227",
"72487069367910799934599230940372489812",
"32115507658897446478508603880977138723",
"250190675394565693826732313645398674976",
"134205791729633565030808541705002392880",
"37932144653196509795294570565074252538",
"173730070127955936737766131057075985370",
"322911572113625092808556063360395738938",
"312520690869848661702533878685298524250",
"232327484580217803780027448402567734932",
"338462065946862999126197961769730097949",
"29450727171727428683931461226081381870",
"157180894746439829196264389133068891759",
"28817316948103371617366834546336744576"
]
},
"signature_type": "Line"
},
{
"source": "https://github.com/freerdp/freerdp/commit/602f4a2e14b41703b5f431de3154cd46a5750a2d",
"target": {
"function": "zgfx_decompress_segment",
"file": "libfreerdp/codec/zgfx.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2018-8785-53557f21",
"digest": {
"length": 2501.0,
"function_hash": "125155827918534110536639891402660234831"
},
"signature_type": "Function"
},
{
"source": "https://github.com/freerdp/freerdp/commit/602f4a2e14b41703b5f431de3154cd46a5750a2d",
"target": {
"function": "zgfx_decompress",
"file": "libfreerdp/codec/zgfx.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2018-8785-b37ca04e",
"digest": {
"length": 1342.0,
"function_hash": "291893467602469246699847469917400173775"
},
"signature_type": "Function"
}
]