PublicDateAtUSN: 2018-11-29
Candidate: CVE-2018-8784
PublicDate: 2018-11-29 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8784
 https://github.com/FreeRDP/FreeRDP/commit/17c363a5162fd4dc77b1df54e48d7bd9bf6b3be7
 https://ubuntu.com/security/notices/USN-3845-1
Description:
 FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in
 function zgfx_decompress_segment() that results in a memory corruption and
 probably even a remote code execution.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: amurray
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_freerdp2:
upstream_freerdp2: released (2.0.0~git20181120.1.e21b72c95+dfsg1-1)
precise/esm_freerdp2: DNE
trusty_freerdp2: DNE
trusty/esm_freerdp2: DNE
xenial_freerdp2: DNE
bionic_freerdp2: released (2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1)
cosmic_freerdp2: released (2.0.0~git20180411.1.7a7b1802+dfsg1-2ubuntu0.1)
disco_freerdp2: released (2.0.0~git20181120.1.e21b72c95+dfsg1-1)
devel_freerdp2: released (2.0.0~git20181120.1.e21b72c95+dfsg1-1)

Patches_freerdp:
upstream_freerdp: needs-triage
precise/esm_freerdp: DNE
trusty_freerdp: not-affected (code not present)
trusty/esm_freerdp: DNE (trusty was not-affected [code not present])
xenial_freerdp: not-affected (code not present)
esm-infra/xenial_freerdp: not-affected (code not present)
bionic_freerdp: not-affected (code not present)
cosmic_freerdp: not-affected (code not present)
disco_freerdp: DNE
devel_freerdp: DNE