Skip to main content

Freerdp

162 CVEs product

Monthly

CVE-2023-39351 HIGH POC This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Apache Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-39350 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Apache Denial Of Service Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-40589 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Apache Freerdp Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-39319 MEDIUM PATCH This Month

FreeRDP is a free remote desktop protocol library and clients. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Freerdp Fedora
NVD GitHub
CVSS 3.1
4.6
EPSS
0.7%
CVE-2022-39318 MEDIUM PATCH This Month

FreeRDP is a free remote desktop protocol library and clients. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Freerdp Fedora
NVD GitHub
CVSS 3.1
5.7
EPSS
1.0%
CVE-2022-39317 MEDIUM This Month

FreeRDP is a free remote desktop protocol library and clients. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Freerdp Fedora
NVD GitHub
CVSS 3.1
4.6
EPSS
0.6%
CVE-2022-41877 MEDIUM PATCH This Month

FreeRDP is a free remote desktop protocol library and clients. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Freerdp Fedora
NVD GitHub
CVSS 3.1
4.6
EPSS
0.7%
CVE-2022-39347 MEDIUM PATCH This Month

FreeRDP is a free remote desktop protocol library and clients. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Freerdp Fedora
NVD GitHub
CVSS 3.1
5.7
EPSS
0.9%
CVE-2022-39320 MEDIUM This Month

FreeRDP is a free remote desktop protocol library and clients. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Freerdp Fedora
NVD GitHub
CVSS 3.1
4.6
EPSS
0.7%
CVE-2022-39316 MEDIUM PATCH This Month

FreeRDP is a free remote desktop protocol library and clients. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Freerdp Fedora
NVD GitHub
CVSS 3.1
5.7
EPSS
1.0%
CVE-2022-39283 HIGH This Week

FreeRDP is a free remote desktop protocol library and clients. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Freerdp Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-39282 HIGH This Week

FreeRDP is a free remote desktop protocol library and clients. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Freerdp Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-24883 CRITICAL PATCH Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Freerdp Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2022-24882 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Freerdp Extra Packages For Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2021-41160 HIGH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apache Memory Corruption Freerdp Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-41159 HIGH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apache Memory Corruption Freerdp Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-37595 CRITICAL PATCH Act Now

In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_RANGE File Contents Request PDU. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Freerdp
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-37594 CRITICAL PATCH Act Now

In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_SIZE File Contents Request PDU. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Freerdp
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-15103 LOW PATCH Monitor

In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Freerdp Fedora Leap Ubuntu Linux +1
NVD GitHub
CVSS 3.1
3.5
EPSS
1.5%
CVE-2020-4033 MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, there is an out of bounds read in RLEDECOMPRESS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Fedora Leap +2
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2020-4032 MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Freerdp Fedora Leap Ubuntu Linux +1
NVD GitHub
CVSS 3.1
4.3
EPSS
1.8%
CVE-2020-4031 HIGH PATCH This Week

In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Freerdp Fedora +3
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-4030 MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Fedora Leap +2
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2020-11099 MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Leap Fedora +2
NVD GitHub
CVSS 3.1
6.5
EPSS
2.1%
CVE-2020-11098 MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, there is an out-of-bound read in glyph_cache_put. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Fedora Leap +2
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2020-11097 MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Fedora Leap +2
NVD GitHub
CVSS 3.1
5.4
EPSS
1.5%
CVE-2020-11096 MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, there is a global OOB read in update_read_cache_bitmap_v3_order. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Fedora Leap +2
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2020-11095 MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Fedora Leap +2
NVD GitHub
CVSS 3.1
5.4
EPSS
1.5%
CVE-2020-11089 MEDIUM PATCH This Month

In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions (parallel_process_irp_create, serial_process_irp_create, drive_process_irp_write, printer_process_irp_write, rdpei_recv_pdu,. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Leap Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-11088 MEDIUM This Month

In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_NegotiateMessage. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Freerdp Leap Debian Linux
NVD GitHub
CVSS 3.1
5.4
EPSS
1.5%
CVE-2020-11087 MEDIUM PATCH This Month

In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_AuthenticateMessage. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Leap Debian Linux
NVD GitHub
CVSS 3.1
5.4
EPSS
1.4%
CVE-2020-11086 MEDIUM PATCH This Month

In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_ntlm_v2_client_challenge that reads up to 28 bytes out-of-bound to an internal structure. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Leap Debian Linux
NVD GitHub
CVSS 3.1
5.4
EPSS
1.4%
CVE-2020-11085 LOW PATCH Monitor

In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_read_format_list. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Information Disclosure Freerdp Leap Debian Linux
NVD GitHub
CVSS 3.1
3.5
EPSS
1.7%
CVE-2020-11043 LOW PATCH Monitor

In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfx_process_message_tileset. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Information Disclosure Freerdp Leap Debian Linux
NVD GitHub
CVSS 3.1
2.7
EPSS
1.9%
CVE-2020-11040 LOW Monitor

In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on screen as color. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Freerdp Leap Debian Linux
NVD GitHub
CVSS 3.1
2.7
EPSS
1.6%
CVE-2020-11041 LOW Monitor

In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound backend (alsa, oss, pulse, ...). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Freerdp Leap Debian Linux
NVD GitHub
CVSS 3.1
2.7
EPSS
1.5%
CVE-2020-11039 MEDIUM This Month

In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Freerdp Leap Debian Linux
NVD GitHub
CVSS 3.1
6.8
EPSS
1.3%
CVE-2020-11038 MEDIUM This Month

In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Freerdp Leap Debian Linux
NVD GitHub
CVSS 3.1
5.4
EPSS
1.3%
CVE-2020-11019 MEDIUM This Month

In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Freerdp Leap Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.5%
CVE-2020-11018 MEDIUM This Month

In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Freerdp Leap +1
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2020-11017 MEDIUM This Month

In FreeRDP less than or equal to 2.0.0, by providing manipulated input a malicious client can create a double free condition and crash the server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Freerdp Leap Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2020-13398 HIGH PATCH This Week

An issue was discovered in FreeRDP before 2.1.1. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Freerdp Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
8.3
EPSS
2.4%
CVE-2020-13397 MEDIUM PATCH This Month

An issue was discovered in FreeRDP before 2.1.1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-13396 HIGH PATCH This Week

An issue was discovered in FreeRDP before 2.1.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
7.1
EPSS
2.3%
CVE-2020-11526 LOW POC PATCH Monitor

libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp Ubuntu Linux Leap +1
NVD GitHub
CVSS 3.1
2.2
EPSS
2.0%
CVE-2020-11525 LOW POC PATCH Monitor

libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
2.2
EPSS
1.7%
CVE-2020-11524 MEDIUM POC PATCH This Month

libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Memory Corruption Freerdp Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
6.6
EPSS
1.8%
CVE-2020-11523 MEDIUM POC PATCH This Month

libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Integer Overflow Freerdp Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
6.6
EPSS
2.0%
CVE-2020-11522 MEDIUM POC PATCH This Month

libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
6.5
EPSS
2.7%
CVE-2020-11521 MEDIUM POC PATCH This Month

libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp Ubuntu Linux Leap +1
NVD GitHub
CVSS 3.1
6.6
EPSS
1.9%
CVE-2020-11058 LOW PATCH Monitor

In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Freerdp Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
2.2
EPSS
1.6%
CVE-2020-11049 LOW POC PATCH Monitor

In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
2.2
EPSS
1.5%
CVE-2020-11048 LOW POC PATCH Monitor

In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
2.2
EPSS
1.8%
CVE-2020-11047 MEDIUM POC PATCH This Month

In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
5.9
EPSS
1.7%
CVE-2020-11046 LOW PATCH Monitor

In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds seek in update_read_synchronize that could lead to a later out-of-bounds read. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Freerdp Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
2.2
EPSS
1.3%
CVE-2020-11045 LOW POC PATCH Monitor

In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in in update_read_bitmap_data that allows client memory to be read to an image buffer. Rated low severity (CVSS 3.3), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
3.3
EPSS
1.7%
CVE-2020-11044 LOW POC PATCH Monitor

In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Freerdp Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
2.2
EPSS
1.9%
CVE-2020-11042 MEDIUM POC PATCH This Month

In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
5.9
EPSS
1.8%
CVE-2019-17178 HIGH PATCH This Week

HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Freerdp Lodepng Leap
NVD GitHub
CVSS 3.1
7.5
EPSS
2.6%
CVE-2019-17177 HIGH PATCH This Week

libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Freerdp Leap
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2018-1000852 MEDIUM POC PATCH This Month

FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Freerdp Ubuntu Linux Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
2.7%
CVE-2018-8789 HIGH POC PATCH This Week

FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Freerdp Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
5.2%
CVE-2018-8788 CRITICAL POC PATCH Act Now

FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption RCE Buffer Overflow Freerdp Ubuntu Linux +1
NVD GitHub
CVSS 3.0
9.8
EPSS
7.4%
CVE-2018-8787 CRITICAL POC PATCH Act Now

FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Freerdp Ubuntu Linux Debian Linux +6
NVD GitHub
CVSS 3.1
9.8
EPSS
8.4%
CVE-2018-8786 CRITICAL POC PATCH Act Now

FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Freerdp Ubuntu Linux Debian Linux +7
NVD GitHub
CVSS 3.1
9.8
EPSS
8.2%
CVE-2018-8785 CRITICAL POC PATCH Act Now

FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probably even a remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Freerdp Ubuntu Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
7.3%
CVE-2018-8784 CRITICAL POC PATCH Act Now

FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Freerdp Ubuntu Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
7.3%
CVE-2013-4119 HIGH PATCH This Week

FreeRDP before 1.1.0-beta+2013071101 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by disconnecting before authentication has finished. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Freerdp
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2013-4118 HIGH PATCH This Week

FreeRDP before 1.1.0-beta1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Freerdp Leap Opensuse
NVD GitHub
CVSS 3.0
7.5
EPSS
1.9%
CVE-2014-0250 HIGH This Week

Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allow remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Freerdp Opensuse
NVD GitHub
CVSS 2.0
7.5
EPSS
3.1%
CVE-2014-0791 MEDIUM This Month

Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP servers to cause a denial of service (application crash) or possibly. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Freerdp
NVD GitHub
CVSS 2.0
6.8
EPSS
1.5%
CVE-2026-55827 HIGH PATCH This Week

Client-side memory corruption in FreeRDP (all versions before 3.27.1) lets a malicious or compromised RDP server compromise a connecting client through improperly bounds-checked bitmap cache orders. The cacheId field of Cache Bitmap V2/V3 orders was masked to only two bits (0x0003) instead of three (0x0007) and used to index cell-cache arrays without validating it against the negotiated number of cells, enabling out-of-bounds access controlled by the server. There is no public exploit identified at time of analysis and EPSS is low (0.45%, 36th percentile), but the CVSS 8.8 reflects full confidentiality, integrity and availability impact once a user connects to the attacker's server.

Information Disclosure Freerdp
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
EPSS 1% CVSS 7.5
HIGH POC This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Apache +3
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Apache Denial Of Service +3
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Apache Freerdp +2
NVD GitHub
EPSS 1% CVSS 4.6
MEDIUM PATCH This Month

FreeRDP is a free remote desktop protocol library and clients. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Freerdp +1
NVD GitHub
EPSS 1% CVSS 5.7
MEDIUM PATCH This Month

FreeRDP is a free remote desktop protocol library and clients. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Freerdp Fedora
NVD GitHub
EPSS 1% CVSS 4.6
MEDIUM This Month

FreeRDP is a free remote desktop protocol library and clients. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Freerdp +1
NVD GitHub
EPSS 1% CVSS 4.6
MEDIUM PATCH This Month

FreeRDP is a free remote desktop protocol library and clients. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Freerdp Fedora
NVD GitHub
EPSS 1% CVSS 5.7
MEDIUM PATCH This Month

FreeRDP is a free remote desktop protocol library and clients. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Freerdp Fedora
NVD GitHub
EPSS 1% CVSS 4.6
MEDIUM This Month

FreeRDP is a free remote desktop protocol library and clients. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Freerdp +1
NVD GitHub
EPSS 1% CVSS 5.7
MEDIUM PATCH This Month

FreeRDP is a free remote desktop protocol library and clients. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Freerdp +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

FreeRDP is a free remote desktop protocol library and clients. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Freerdp +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

FreeRDP is a free remote desktop protocol library and clients. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Freerdp Fedora
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Freerdp Fedora
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Freerdp Extra Packages For Enterprise Linux +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apache Memory Corruption +2
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apache Memory Corruption +2
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_RANGE File Contents Request PDU. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Freerdp
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_SIZE File Contents Request PDU. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Freerdp
NVD GitHub
EPSS 1% CVSS 3.5
LOW PATCH Monitor

In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Freerdp Fedora +3
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, there is an out of bounds read in RLEDECOMPRESS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp +4
NVD GitHub
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Freerdp Fedora +3
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure +5
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp +4
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp +4
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, there is an out-of-bound read in glyph_cache_put. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp +4
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp +4
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, there is a global OOB read in update_read_cache_bitmap_v3_order. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp +4
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp +4
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions (parallel_process_irp_create, serial_process_irp_create, drive_process_irp_write, printer_process_irp_write, rdpei_recv_pdu,. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp +2
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM This Month

In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_NegotiateMessage. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Freerdp +2
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_AuthenticateMessage. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp +2
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_ntlm_v2_client_challenge that reads up to 28 bytes out-of-bound to an internal structure. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp +2
NVD GitHub
EPSS 2% CVSS 3.5
LOW PATCH Monitor

In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_read_format_list. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Information Disclosure Freerdp +2
NVD GitHub
EPSS 2% CVSS 2.7
LOW PATCH Monitor

In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfx_process_message_tileset. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Information Disclosure Freerdp +2
NVD GitHub
EPSS 2% CVSS 2.7
LOW Monitor

In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on screen as color. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Freerdp +2
NVD GitHub
EPSS 2% CVSS 2.7
LOW Monitor

In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound backend (alsa, oss, pulse, ...). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Freerdp Leap +1
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM This Month

In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Freerdp +2
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM This Month

In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Freerdp Leap +1
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM This Month

In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Freerdp +2
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM This Month

In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure +3
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM This Month

In FreeRDP less than or equal to 2.0.0, by providing manipulated input a malicious client can create a double free condition and crash the server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Freerdp Leap +1
NVD GitHub
EPSS 2% CVSS 8.3
HIGH PATCH This Week

An issue was discovered in FreeRDP before 2.1.1. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Freerdp +3
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in FreeRDP before 2.1.1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp +3
NVD GitHub
EPSS 2% CVSS 7.1
HIGH PATCH This Week

An issue was discovered in FreeRDP before 2.1.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp +3
NVD GitHub
EPSS 2% CVSS 2.2
LOW POC PATCH Monitor

libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp +3
NVD GitHub
EPSS 2% CVSS 2.2
LOW POC PATCH Monitor

libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp +3
NVD GitHub
EPSS 2% CVSS 6.6
MEDIUM POC PATCH This Month

libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Memory Corruption Freerdp +2
NVD GitHub
EPSS 2% CVSS 6.6
MEDIUM POC PATCH This Month

libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Integer Overflow Freerdp +3
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM POC PATCH This Month

libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp +3
NVD GitHub
EPSS 2% CVSS 6.6
MEDIUM POC PATCH This Month

libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp +3
NVD GitHub
EPSS 2% CVSS 2.2
LOW PATCH Monitor

In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Freerdp Ubuntu Linux +1
NVD GitHub
EPSS 2% CVSS 2.2
LOW POC PATCH Monitor

In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp +2
NVD GitHub
EPSS 2% CVSS 2.2
LOW POC PATCH Monitor

In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp +2
NVD GitHub
EPSS 2% CVSS 5.9
MEDIUM POC PATCH This Month

In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp +2
NVD GitHub
EPSS 1% CVSS 2.2
LOW PATCH Monitor

In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds seek in update_read_synchronize that could lead to a later out-of-bounds read. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Freerdp Ubuntu Linux +1
NVD GitHub
EPSS 2% CVSS 3.3
LOW POC PATCH Monitor

In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in in update_read_bitmap_data that allows client memory to be read to an image buffer. Rated low severity (CVSS 3.3), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp +2
NVD GitHub
EPSS 2% CVSS 2.2
LOW POC PATCH Monitor

In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Freerdp Ubuntu Linux +1
NVD GitHub
EPSS 2% CVSS 5.9
MEDIUM POC PATCH This Month

In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp +2
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Freerdp Lodepng +1
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Freerdp Leap
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM POC PATCH This Month

FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Freerdp +2
NVD GitHub
EPSS 5% CVSS 7.5
HIGH POC PATCH This Week

FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Freerdp +2
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL POC PATCH Act Now

FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption RCE Buffer Overflow +3
NVD GitHub
EPSS 8% CVSS 9.8
CRITICAL POC PATCH Act Now

FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Freerdp +8
NVD GitHub
EPSS 8% CVSS 9.8
CRITICAL POC PATCH Act Now

FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Freerdp +9
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL POC PATCH Act Now

FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probably even a remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Freerdp +1
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL POC PATCH Act Now

FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Freerdp +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

FreeRDP before 1.1.0-beta+2013071101 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by disconnecting before authentication has finished. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Freerdp
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

FreeRDP before 1.1.0-beta1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Freerdp +2
NVD GitHub
EPSS 3% CVSS 7.5
HIGH This Week

Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allow remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Freerdp Opensuse
NVD GitHub
EPSS 2% CVSS 6.8
MEDIUM This Month

Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP servers to cause a denial of service (application crash) or possibly. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Freerdp
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Client-side memory corruption in FreeRDP (all versions before 3.27.1) lets a malicious or compromised RDP server compromise a connecting client through improperly bounds-checked bitmap cache orders. The cacheId field of Cache Bitmap V2/V3 orders was masked to only two bits (0x0003) instead of three (0x0007) and used to index cell-cache arrays without validating it against the negotiated number of cells, enabling out-of-bounds access controlled by the server. There is no public exploit identified at time of analysis and EPSS is low (0.45%, 36th percentile), but the CVSS 8.8 reflects full confidentiality, integrity and availability impact once a user connects to the attacker's server.

Information Disclosure Freerdp
NVD GitHub
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy