CVE-2018-8787Integer Overflow to Buffer Overflow in Freerdp

CWE-680Integer Overflow to Buffer OverflowCWE-190Integer Overflow or WraparoundCWE-787Out-of-bounds WriteCWE-122Heap-based Buffer Overflow13 documents8 sources
Severity
9.8CRITICALNVD
EPSS
8.7%
top 7.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
FreerdpCheck Point Software Technologies LTD FreerdpCanonical Ubuntu Linux+7 more
Timeline
PublishedNov 29
Latest updateMay 13

Description

FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

NVDfreerdp/freerdp1.2.0+1
CVEListV5check_point_software_technologies_ltd/freerdpAll versions prior to 2.0.0-rc4

Also affects: Debian Linux 8.0, Ubuntu Linux 14.04, 16.04, 18.04, 18.10, Enterprise Linux 7.6

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

5
GHSA
GHSA-264x-4r27-x5m2: FreeRDP prior to version 22022-05-13
OSV
freerdp vulnerabilities2019-05-28
OSV
freerdp, freerdp2 vulnerabilities2018-12-12
OSV
CVE-2018-8787: FreeRDP prior to version 22018-11-29
CVEList
CVE-2018-8787: FreeRDP prior to version 22018-11-29

📋Vendor Advisories

4
Ubuntu
FreeRDP vulnerabilities2019-05-28
Ubuntu
FreeRDP vulnerabilities2018-12-12
Red Hat
freerdp: Integer overflow leading to heap-based buffer overflow in gdi_Bitmap_Decompress() function2018-10-22
Debian
CVE-2018-8787: freerdp2 - FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a ...2018

💬Community

2
Bugzilla
CVE-2018-8787 freerdp: Integer overflow leading to heap-based buffer overflow in gdi_Bitmap_Decompress() function2019-01-31
Bugzilla
CVE-2018-8784 CVE-2018-8785 CVE-2018-8786 CVE-2018-8787 CVE-2018-8788 CVE-2018-8789 freerdp: various flaws [epel-6]2019-01-31
CVE-2018-8787 — Integer Overflow to Buffer Overflow | cvebase