CVE-2022-39316

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-39316
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-39316.json
Aliases
  • GHSA-5w4j-mrrh-jjrm
Related
Published
2022-11-16T20:15:10Z
Modified
2024-01-12T15:00:51.973153Z
Details

FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it likely resulting in a crash. This issue has been addressed in the 2.9.0 release. Users are advised to upgrade.

References

Affected packages

Git / github.com/FreeRDP/FreeRDP

Affected ranges

Type
GIT
Repo
https://github.com/FreeRDP/FreeRDP
Events
Introduced
0The exact introduced commit is unknown
Fixed
Type
GIT
Repo
https://github.com/freerdp/freerdp
Events
Introduced
0The exact introduced commit is unknown
Fixed

Affected versions

1.*

1.0-beta1
1.0-beta2
1.0-beta3
1.0-beta4
1.0-beta5
1.0.0
1.0.1
1.1.0-beta+2013071101
1.1.0-beta1
1.1.0-beta1+android2
1.1.0-beta1+android3
1.1.0-beta1+android4
1.1.0-beta1+android5
1.1.0-beta1+ios1
1.1.0-beta1+ios2
1.1.0-beta1+ios3
1.1.0-beta1+ios4
1.2.0-beta1+android7
1.2.0-beta1+android9

2.*

2.0.0
2.0.0-beta1+android10
2.0.0-beta1+android11
2.0.0-rc0
2.0.0-rc1
2.0.0-rc2
2.0.0-rc3
2.0.0-rc4
2.1.0
2.1.1
2.1.2
2.2.0
2.3.0
2.3.1
2.3.2
2.4.1
2.5.0
2.6.0
2.6.1
2.7.0
2.8.0
2.8.1