Integer Overflow or Wraparound Affecting freerdp/freerdp package, versions [,2.11.6) [3.0.0,3.5.0)
Snyk CVSS
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-UNMANAGED-FREERDPFREERDP-6672294
- published 23 Apr 2024
- disclosed 22 Apr 2024
- credit Evgeny Legerov
Introduced: 22 Apr 2024
New CVE-2024-32039 Open this link in a new tabHow to fix?
Upgrade freerdp/freerdp
to version 2.11.6, 3.5.0 or higher.
Overview
Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to improper handling of certain data structures during the decompression process. An attacker can exploit this vulnerability to cause a denial of service (DoS) condition through crafted packets sent to the affected application. This is only exploitable if the application is configured to use certain graphics extensions (/gfx
options) which are enabled by default.
Workaround
This vulnerability can be mitigated by not using /gfx
options (e.g., deactivate with /bpp:32
or /rfx
).