PublicDateAtUSN: 2020-07-27 18:15:00 UTC
Candidate: CVE-2020-15103
PublicDate: 2020-07-27 18:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15103
 https://github.com/FreeRDP/FreeRDP/pull/6381
 https://ubuntu.com/security/notices/USN-4481-1
Description:
 In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to
 missing input sanitation in rdpegfx channel. All FreeRDP clients are
 affected. The input rectangles from the server are not checked against
 local surface coordinates and blindly accepted. A malicious server can send
 data that will crash the client later on (invalid length arguments to a
 `memcpy`) This has been fixed in 2.2.0. As a workaround, stop using command
 line arguments /gfx, /gfx-h264 and /network:auto
Ubuntu-Description:
Notes:
 mdeslaur> The freerdp package in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS
 mdeslaur> does not build a server library. This is simply a client
 mdeslaur> denial of service that has a negligible security impact.
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965979
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L [3.5 LOW]


Patches_freerdp2:
 upstream: https://github.com/FreeRDP/FreeRDP/commit/be8c8640ead04b1e4fc9176c504bf688351c8924
 upstream: https://github.com/FreeRDP/FreeRDP/commit/da684f5335c2b3b726a39f3c091ce804e55f4f8e
upstream_freerdp2: needs-triage
precise/esm_freerdp2: DNE
trusty_freerdp2: ignored (out of standard support)
trusty/esm_freerdp2: DNE
xenial_freerdp2: DNE
bionic_freerdp2: released (2.2.0+dfsg1-0ubuntu0.18.04.1)
focal_freerdp2: released (2.2.0+dfsg1-0ubuntu0.20.04.1)
groovy_freerdp2: not-affected (2.2.0+dfsg1-1)
hirsute_freerdp2: not-affected (2.2.0+dfsg1-1)
impish_freerdp2: not-affected (2.2.0+dfsg1-1)
jammy_freerdp2: not-affected (2.2.0+dfsg1-1)
devel_freerdp2: not-affected (2.2.0+dfsg1-1)

Patches_freerdp:
Priority_freerdp: negligible
upstream_freerdp: needs-triage
precise/esm_freerdp: DNE
trusty_freerdp: ignored (out of standard support)
trusty/esm_freerdp: DNE
xenial_freerdp: ignored (end of standard support, was needs-triage)
esm-infra/xenial_freerdp: needs-triage
bionic_freerdp: needs-triage
focal_freerdp: DNE
groovy_freerdp: DNE
hirsute_freerdp: DNE
impish_freerdp: DNE
jammy_freerdp: DNE
devel_freerdp: DNE