CVE-2023-40574

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-40574
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-40574.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-40574
Aliases
  • GHSA-422p-gj6x-93cw
Published
2023-08-31T21:39:17.151Z
Modified
2025-11-19T20:04:45.549286Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Summary
Out-Of-Bounds Write in FreeRDP
Details

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an out-of-bounds write in the writePixelBGRX function. The issue is likely caused by incorrect calculation of the nHeight and srcStep variables. It has been addressed in version 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.

Database specific
{
    "cwe_ids": [
        "CWE-787"
    ]
}
Affected packages

Git / github.com/freerdp/freerdp

Affected ranges

Type
GIT
Repo
https://github.com/freerdp/freerdp
Events

Affected versions

3.*

3.0.0-beta1
3.0.0-beta2