Debian Freerdp2 vulnerabilities

CVE-2020-11045 [LOW] CVE-2020-11045: freerdp2 - In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in in updat... In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in in update_read_bitmap_data that allows client memory to be read to an image buffer. The result displayed on screen as colour. Scope: local bookworm: resolved (fixed in 2.1.1+dfsg1-1) bullseye: resolved (fixed in 2.1.1+dfsg1-1)

CVE-2020-11525 [LOW] CVE-2020-11525: freerdp2 - libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out... libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read. Scope: local bookworm: resolved (fixed in 2.1.1+dfsg1-1) bullseye: resolved (fixed in 2.1.1+dfsg1-1)

CVE-2020-11095 [LOW] CVE-2020-11095: freerdp2 - In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in acces... In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2. Scope: local bookworm: resolved (fixed in 2.1.2+dfsg1-1) bullseye: resolved (fixed in 2.1.2+dfsg1-1)

CVE-2020-11097 [LOW] CVE-2020-11097: freerdp2 - In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in acces... In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2. Scope: local bookworm: resolved (fixed in 2.1.2+dfsg1-1) bullseye: resolved (fixed in 2.1.2+dfsg1-1)

CVE-2020-11058 [LOW] CVE-2020-11058: freerdp2 - In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_f... In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in 2.0.0. Scope: local bookworm: resolved (fixed in 2.1.1+dfsg1-1) bullseye: resolved (fixed in 2.1.1+dfsg1-1

CVE-2020-11087 [LOW] CVE-2020-11087: freerdp2 - In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_re... In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_AuthenticateMessage. This has been fixed in 2.1.0. Scope: local bookworm: resolved (fixed in 2.1.1+dfsg1-1) bullseye: resolved (fixed in 2.1.1+dfsg1-1)

CVE-2019-17178 [HIGH] CVE-2019-17178: freerdp2 - HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as u... HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value. Scope: local bookworm: resolved (fixed in 2.0.0~git20190204.1.2693389a+dfsg1-2) bullseye: resolved (fixed in 2.

CVE-2019-17177 [HIGH] CVE-2019-17177: freerdp2 - libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has... libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value. Scope: local bookworm: resolved (fixed in 2.0.0~git20190204.1.2693389a+dfsg1-2) bullseye: resolved (fixed in 2.0.0~git20190204.1.2693389a+dfsg1-2)

CVE-2018-8785 [CRITICAL] CVE-2018-8785: freerdp2 - FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in func... FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probably even a remote code execution. Scope: local bookworm: resolved (fixed in 2.0.0~git20181120.1.e21b72c95+dfsg1-1) bullseye: resolved (fixed in 2.0.0~git20181120.1.e21b72c95+dfsg1-1)

CVE-2018-8786 [CRITICAL] CVE-2018-8786: freerdp2 - FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to ... FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution. Scope: local bookworm: resolved (fixed in 2.0.0~git20181120.1.e21b72c95+dfsg1-1) bullseye: resolved (fixed in 2.0.0~git20181120.1.e21b72c9

CVE-2018-8788 [CRITICAL] CVE-2018-8788: freerdp2 - FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 by... FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution. Scope: local bookworm: resolved (fixed in 2.0.0~git20181120.1.e21b72c95+dfsg1-1) bullseye: resolved (fixed in 2.0.0~git20181120.1.e21b72c95+dfsg1-1)

CVE-2018-8787 [CRITICAL] CVE-2018-8787: freerdp2 - FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a ... FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution. Scope: local bookworm: resolved (fixed in 2.0.0~git20181120.1.e21b72c95+dfsg1-1) bullseye: resolved (fixed in 2.0.0~git20181120.1.e21b72c95+dfsg

CVE-2018-8784 [CRITICAL] CVE-2018-8784: freerdp2 - FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in func... FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution. Scope: local bookworm: resolved (fixed in 2.0.0~git20181120.1.e21b72c95+dfsg1-1) bullseye: resolved (fixed in 2.0.0~git20181120.1.e21b72c95+dfsg1-1)

CVE-2018-8789 [HIGH] CVE-2018-8789: freerdp2 - FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the N... FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault). Scope: local bookworm: resolved (fixed in 2.0.0~git20181120.1.e21b72c95+dfsg1-1) bullseye: resolved (fixed in 2.0.0~git20181120.1.e21b72c95+dfsg1-1)

CVE-2018-1000852 [MEDIUM] CVE-2018-1000852: freerdp2 - FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5b... FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server can read the client's memory.. This attack appear to be exploitable via RDPClient must connect the rdp server wi