RDP client might read out of bounds data and display it

Low
akallabeth published GHSA-6cf9-3328-qrvh Oct 12, 2022

Package

FreeRDP (c)

Affected versions

<= 2.8.0

Patched versions

2.8.1

Description

Impact

All FreeRDP-based clients, when using the /video command line switch, might read uninitialized data, decode it as audio/video and display the result.

FreeRDP-based server implementations are not affected.

Patches

Version 2.8.1

Workarounds

Do not use the /video switch.
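
A way to check client launch commands against this advisory, as an added example that is not part of the advisory or of FreeRDP: it flags command lines that pass /video while the client version is below 2.8.1. The version banner, host name, user names and function names are constructed for illustration.

```python
import re
import shlex

PATCHED = (2, 8, 1)  # first fixed release according to the advisory


def parse_version(text):
    """Extract (major, minor, patch) from a version string or banner."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(p) for p in m.groups())


def is_affected_version(text):
    """True when the version is <= 2.8.0, i.e. below the patched 2.8.1."""
    return parse_version(text) < PATCHED


def uses_video_switch(command_line):
    """True when /video is passed as its own argument (not inside a value)."""
    return "/video" in shlex.split(command_line)[1:]


def audit(version_text, command_lines):
    """Return the command lines that need the workaround on this client."""
    if not is_affected_version(version_text):
        return []
    return [c for c in command_lines if uses_video_switch(c)]


# Constructed sample input: a version banner and three launcher commands.
SAMPLE_BANNER = "This is FreeRDP version 2.8.0"
SAMPLE_COMMANDS = [
    "xfreerdp /v:rdp.example.internal /u:alice /video /dynamic-resolution",
    "xfreerdp /v:rdp.example.internal /u:bob /sound",
    # "video" appears only inside a drive redirection value, so no match.
    "xfreerdp /v:rdp.example.internal /u:carol /drive:video,/srv/video",
]

if __name__ == "__main__":
    for cmd in audit(SAMPLE_BANNER, SAMPLE_COMMANDS):
        print("upgrade to 2.8.1 or drop /video:", cmd)
```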

Issue Reporter

Reported by BT5

For more information

If you have any questions or comments about this advisory:

Severity

Low

CVE ID

CVE-2022-39283

Weaknesses

No CWEs