CVE-2020-15103

Priority
Description
In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to
missing input sanitation in rdpegfx channel. All FreeRDP clients are
affected. The input rectangles from the server are not checked against
local surface coordinates and blindly accepted. A malicious server can send
data that will crash the client later on (invalid length arguments to a
`memcpy`) This has been fixed in 2.2.0. As a workaround, stop using command
line arguments /gfx, /gfx-h264 and /network:auto
Notes
mdeslaurThe freerdp package in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS
does not build a server library. This is simply a client
denial of service that has a negligible security impact.
Package
Priority: Negligible
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):released (2.2.0+dfsg1-0ubuntu0.18.04.1)
Ubuntu 20.04 LTS (Focal Fossa):released (2.2.0+dfsg1-0ubuntu0.20.04.1)
Ubuntu 20.10 (Groovy Gorilla):not-affected (2.2.0+dfsg1-1)
Patches:
Upstream:https://github.com/FreeRDP/FreeRDP/commit/be8c8640ead04b1e4fc9176c504bf688351c8924
Upstream:https://github.com/FreeRDP/FreeRDP/commit/da684f5335c2b3b726a39f3c091ce804e55f4f8e
More Information

Updated: 2020-09-09 23:35:46 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)