FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow. This affects FreeRDP based clients. FreeRDP based server implementations and proxy are not affected. A malicious server could prepare a `RDPGFX_RESET_GRAPHICS_PDU` to allocate too small buffers, possibly triggering later out of bound read/write. Data extraction over network is not possible, the buffers are used to display an image. This issue has been addressed in version 2.11.5 and 3.2.0. Users are advised to upgrade. there are no know workarounds for this vulnerability.
History

Wed, 13 Nov 2024 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-01-19T19:54:32.837Z

Updated: 2024-08-01T22:35:35.003Z

Reserved: 2024-01-08T04:59:27.374Z

Link: CVE-2024-22211

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2024-01-19T20:15:13.573

Modified: 2024-11-21T08:55:48.453

Link: CVE-2024-22211

cve-icon Redhat

Severity : Low

Publid Date: 2024-01-19T00:00:00Z

Links: CVE-2024-22211 - Bugzilla