CVE-2023-40187
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-40187
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-40187.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-40187
- Aliases
-
- GHSA-pwf9-v5p9-ch4f
- Downstream
- Published
- 2023-08-31T21:21:12.787Z
- Modified
- 2025-12-05T00:03:39.030373Z
- Severity
-
- 7.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- Summary
- Use-After-Free in FreeRDP
- Details
-
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of the 3.x beta branch are subject to a Use-After-Free issue in the
avc420_ensure_bufferandavc444_ensure_bufferfunctions. If the value ofpiDstSize[x]is 0,ppYUVDstData[x]will be freed. However, in this caseppYUVDstData[x]will not have been updated which leads to a Use-After-Free vulnerability. This issue has been addressed in version 3.0.0-beta3. Users of the 3.x beta releases are advised to upgrade. There are no known workarounds for this vulnerability. - Database specific
{ "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/40xxx/CVE-2023-40187.json", "cwe_ids": [ "CWE-416" ] }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/40xxx/CVE-2023-40187.json
- https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/h264.c#L413-L427
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-pwf9-v5p9-ch4f
- https://nvd.nist.gov/vuln/detail/CVE-2023-40187
- https://security.gentoo.org/glsa/202401-16