CVE-2018-8785

FreeRDP prior to version 2.0.0-rc4 contains a heap-based buffer overflow in the function zgfx_decompress() that results in memory corruption and probably even remote code execution.

Published: 2018-11-29 18:29; Updated: 2019-10-09 23:42

CVSS Score: 7.5 / 10

| Vendor | Product | Version | URI |
|---|---|---|---|
| Freerdp | Freerdp | 1.2.0 | `cpe:/a:freerdp:freerdp:1.2.0` |
| Freerdp | Freerdp | 2.0.0 | `cpe:/a:freerdp:freerdp:2.0.0:rc1` |
| Freerdp | Freerdp | 2.0.0 | `cpe:/a:freerdp:freerdp:2.0.0:rc2` |
| Freerdp | Freerdp | 2.0.0 | `cpe:/a:freerdp:freerdp:2.0.0:rc3` |
| Canonical | Ubuntu Linux | 18.04 | `cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~` |
| Canonical | Ubuntu Linux | 18.10 | `cpe:/o:canonical:ubuntu_linux:18.10` |

CWE

| ID | Name | Description |
|---|---|---|
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. |

History of changes

| Date | Event |
|---|---|
| 2019-03-04 16:39 | |
| 2019-03-01 19:29 | |
| 2019-02-28 01:10 | |
| 2019-02-09 11:29 | |
| 2018-12-28 18:08 | |
| 2018-12-13 11:29 | |
| 2018-11-29 18:29 | New CVE |