FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it. This issue has been addressed in version 2.9.0. There are no known workarounds for this issue.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-11-16T00:00:00

Updated: 2024-08-03T12:00:44.101Z

Reserved: 2022-09-02T00:00:00

Link: CVE-2022-39317

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-11-16T21:15:10.300

Modified: 2024-11-21T07:18:01.407

Link: CVE-2022-39317

cve-icon Redhat

Severity : Low

Publid Date: 2022-11-16T00:00:00Z

Links: CVE-2022-39317 - Bugzilla