PublicDateAtUSN: 2018-11-29
Candidate: CVE-2018-8787
PublicDate: 2018-11-29 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8787
 https://github.com/FreeRDP/FreeRDP/commit/09b9d4f1994a674c4ec85b4947aa656eda1aed8a
 https://ubuntu.com/security/notices/USN-3845-1
 https://ubuntu.com/security/notices/USN-3845-2
Description:
 FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads
 to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and
 results in a memory corruption and probably even a remote code execution.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: amurray
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_freerdp2:
upstream_freerdp2: released (2.0.0~git20181120.1.e21b72c95+dfsg1-1)
precise/esm_freerdp2: DNE
trusty_freerdp2: DNE
trusty/esm_freerdp2: DNE
xenial_freerdp2: DNE
bionic_freerdp2: released (2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1)
cosmic_freerdp2: released (2.0.0~git20180411.1.7a7b1802+dfsg1-2ubuntu0.1)
disco_freerdp2: released (2.0.0~git20181120.1.e21b72c95+dfsg1-1)
devel_freerdp2: released (2.0.0~git20181120.1.e21b72c95+dfsg1-1)

Patches_freerdp:
upstream_freerdp: needs-triage
precise/esm_freerdp: DNE
trusty_freerdp: released (1.0.2-2ubuntu1.2)
trusty/esm_freerdp: DNE (trusty was released [1.0.2-2ubuntu1.2])
xenial_freerdp: released (1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3)
esm-infra/xenial_freerdp: released (1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3)
bionic_freerdp: released (1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1)
cosmic_freerdp: released (1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.10.1)
disco_freerdp: DNE
devel_freerdp: DNE