Vulnerabilities > CVE-2018-8787 - Integer Overflow or Wraparound vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
freerdp
canonical
debian
CWE-190
nessus
NVD
Published: 2018-11-29
Updated: 2019-06-03

Summary

FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution.

Vulnerable Configurations

Part Description Count
Application
Freerdp
19
OS
Canonical
4
OS
Debian
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0539-1.NASL
    descriptionThis update for freerdp to version 2.0.0~rc4 fixes the following issues : Security issues fixed : CVE-2018-0886: Fix a remote code execution vulnerability (CredSSP) (bsc#1085416, bsc#1087240, bsc#1104918) CVE-2018-8789: Fix several denial of service vulnerabilities in the in the NTLM Authentication module (bsc#1117965) CVE-2018-8785: Fix a potential remote code execution vulnerability in the zgfx_decompress function (bsc#1117967) CVE-2018-8786: Fix a potential remote code execution vulnerability in the update_read_bitmap_update function (bsc#1117966) CVE-2018-8787: Fix a potential remote code execution vulnerability in the gdi_Bitmap_Decompress function (bsc#1117964) CVE-2018-8788: Fix a potential remote code execution vulnerability in the nsc_rle_decode function (bsc#1117963) CVE-2018-8784: Fix a potential remote code execution vulnerability in the zgfx_decompress_segment function (bsc#1116708) CVE-2018-1000852: Fixed a remote memory access in the drdynvc_process_capability_request function (bsc#1120507) Other issues: Upgraded to version 2.0.0-rc4 (FATE#326739) Security and stability improvements, including bsc#1103557 and bsc#1112028 gateway: multiple fixes and improvements client/X11: support for rail (remote app) icons was added The licensing code was re-worked: Per-device licenses are now saved on the client and used on re-connect: WARNING: this is a change in FreeRDP behavior regarding licensing. If the old behavior is required, or no licenses should be saved use the new command line option +old-license (gh#/FreeRDP/FreeRDP#4979) Improved order handling - only orders that were enable during capability exchange are accepted. WARNING and NOTE: some servers do improperly send orders that weren
    last seen2020-06-01
    modified2020-06-02
    plugin id122608
    published2019-03-05
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122608
    titleSUSE SLED15 / SLES15 Security Update : freerdp (SUSE-SU-2019:0539-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-0697.NASL
    descriptionAn update for freerdp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fix(es) : * freerdp: Integer truncation leading to heap-based buffer overflow in update_read_bitmap_update() function (CVE-2018-8786) * freerdp: Integer overflow leading to heap-based buffer overflow in gdi_Bitmap_Decompress() function (CVE-2018-8787) * freerdp: Out-of-bounds write in nsc_rle_decode() function (CVE-2018-8788) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id124032
    published2019-04-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124032
    titleCentOS 7 : freerdp (CESA-2019:0697)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1284.NASL
    descriptionAccording to the versions of the freerdp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - freerdp: Integer truncation leading to heap-based buffer overflow in Update_read_bitmap_update() function (CVE-2018-8786) - freerdp: Integer overflow leading to heap-based buffer overflow in gdi_Bitmap_Decompress() function (CVE-2018-8787) - freerdp: Out-of-bounds write in nsc_rle_decode() function (CVE-2018-8788) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-04-30
    plugin id124380
    published2019-04-30
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124380
    titleEulerOS 2.0 SP3 : freerdp (EulerOS-SA-2019-1284)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-0697.NASL
    descriptionAn update for freerdp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fix(es) : * freerdp: Integer truncation leading to heap-based buffer overflow in update_read_bitmap_update() function (CVE-2018-8786) * freerdp: Integer overflow leading to heap-based buffer overflow in gdi_Bitmap_Decompress() function (CVE-2018-8787) * freerdp: Out-of-bounds write in nsc_rle_decode() function (CVE-2018-8788) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id123647
    published2019-04-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123647
    titleRHEL 7 : freerdp (RHSA-2019:0697)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-96.NASL
    descriptionThis update for freerdp fixes the following issues : Security issues fixed : - CVE-2018-0886: Fix a remote code execution vulnerability (CredSSP) (bsc#1085416, bsc#1087240, bsc#1104918) - CVE-2018-8789: Fix several denial of service vulnerabilities in the in the NTLM Authentication module (bsc#1117965) - CVE-2018-8785: Fix a potential remote code execution vulnerability in the zgfx_decompress function (bsc#1117967) - CVE-2018-8786: Fix a potential remote code execution vulnerability in the update_read_bitmap_update function (bsc#1117966) - CVE-2018-8787: Fix a potential remote code execution vulnerability in the gdi_Bitmap_Decompress function (bsc#1117964) - CVE-2018-8788: Fix a potential remote code execution vulnerability in the nsc_rle_decode function (bsc#1117963) - CVE-2018-8784: Fix a potential remote code execution vulnerability in the zgfx_decompress_segment function (bsc#1116708) - CVE-2018-1000852: Fixed a remote memory access in the drdynvc_process_capability_request function (bsc#1120507) This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen2020-03-18
    modified2019-01-30
    plugin id121462
    published2019-01-30
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121462
    titleopenSUSE Security Update : freerdp (openSUSE-2019-96)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-0697.NASL
    descriptionFrom Red Hat Security Advisory 2019:0697 : An update for freerdp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fix(es) : * freerdp: Integer truncation leading to heap-based buffer overflow in update_read_bitmap_update() function (CVE-2018-8786) * freerdp: Integer overflow leading to heap-based buffer overflow in gdi_Bitmap_Decompress() function (CVE-2018-8787) * freerdp: Out-of-bounds write in nsc_rle_decode() function (CVE-2018-8788) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id123646
    published2019-04-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123646
    titleOracle Linux 7 : freerdp (ELSA-2019-0697)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-325.NASL
    descriptionThis update for freerdp to version 2.0.0~rc4 fixes the following issues : Security issues fixed : - CVE-2018-0886: Fix a remote code execution vulnerability (CredSSP) (bsc#1085416, bsc#1087240, bsc#1104918) - CVE-2018-8789: Fix several denial of service vulnerabilities in the in the NTLM Authentication module (bsc#1117965) - CVE-2018-8785: Fix a potential remote code execution vulnerability in the zgfx_decompress function (bsc#1117967) - CVE-2018-8786: Fix a potential remote code execution vulnerability in the update_read_bitmap_update function (bsc#1117966) - CVE-2018-8787: Fix a potential remote code execution vulnerability in the gdi_Bitmap_Decompress function (bsc#1117964) - CVE-2018-8788: Fix a potential remote code execution vulnerability in the nsc_rle_decode function (bsc#1117963) - CVE-2018-8784: Fix a potential remote code execution vulnerability in the zgfx_decompress_segment function (bsc#1116708) - CVE-2018-1000852: Fixed a remote memory access in the drdynvc_process_capability_request function (bsc#1120507) Other issues : - Upgraded to version 2.0.0-rc4 (FATE#326739) - Security and stability improvements, including bsc#1103557 and bsc#1112028 - gateway: multiple fixes and improvements - client/X11: support for rail (remote app) icons was added - The licensing code was re-worked: Per-device licenses are now saved on the client and used on re-connect: WARNING: this is a change in FreeRDP behavior regarding licensing. If the old behavior is required, or no licenses should be saved use the new command line option +old-license (gh#/FreeRDP/FreeRDP#4979) - Improved order handling - only orders that were enable during capability exchange are accepted. WARNING and NOTE: some servers do improperly send orders that weren
    last seen2020-06-01
    modified2020-06-02
    plugin id122847
    published2019-03-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122847
    titleopenSUSE Security Update : freerdp (openSUSE-2019-325)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0074_FREERDP.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has freerdp packages installed that are affected by multiple vulnerabilities: - FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution. (CVE-2018-8786) - FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution. (CVE-2018-8787) - FreeRDP prior to version 2.0.0-rc4 contains an Out-Of- Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution. (CVE-2018-8788) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127280
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127280
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : freerdp Multiple Vulnerabilities (NS-SA-2019-0074)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1666.NASL
    descriptionFor the FreeRDP version in Debian jessie LTS a security and functionality update has recently been provided. FreeRDP is a free re-implementation of the Microsoft RDP protocol (server and client side) with freerdp-x11 being the most common RDP client these days. Functional improvements : With help from FreeRDP upstream (cudos to Bernhard Miklautz and Martin Fleisz) we are happy to announce that RDP proto v6 and CredSSP v3 support have been backported to the old FreeRDP 1.1 branch. Since Q2/2018, Microsoft Windows servers and clients received an update that defaulted their RDP server to proto version 6. Since this change, people have not been able anymore to connect to recently updated MS Windows machines using old the FreeRDP 1.1 branch as found in Debian jessie LTS and Debian stretch. With the recent FreeRDP upload to Debian jessie LTS, connecting to up-to-date MS Windows machines is now again possible. Security issues : CVE-2018-8786 FreeRDP contained an integer truncation that lead to a heap-based buffer overflow in function update_read_bitmap_update() and resulted in a memory corruption and probably even a remote code execution. CVE-2018-8787 FreeRDP contained an integer overflow that leads to a heap-based buffer overflow in function gdi_Bitmap_Decompress() and resulted in a memory corruption and probably even a remote code execution. CVE-2018-8788 FreeRDP contained an out-of-bounds write of up to 4 bytes in function nsc_rle_decode() that resulted in a memory corruption and possibly even a remote code execution. CVE-2018-8789 FreeRDP contained several out-of-bounds reads in the NTLM authentication module that resulted in a denial of service (segfault). For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id122066
    published2019-02-11
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122066
    titleDebian DLA-1666-1 : freerdp security update
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3845-2.NASL
    descriptionUSN-3845-1 fixed several vulnerabilities in FreeRDP. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 18.10. Original advisory details : Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8784, CVE-2018-8785) Eyal Itkin discovered FreeRDP incorrectly handled bitmaps. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-8786, CVE-2018- 8787) Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018- 8788) Eyal Itkin discovered FreeRDP incorrectly handled NTLM authentication. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018- 8789). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125542
    published2019-05-29
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125542
    titleUbuntu 18.04 LTS / 18.10 : FreeRDP vulnerabilities (USN-3845-2)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190402_FREERDP_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - freerdp: Integer truncation leading to heap-based buffer overflow in update_read_bitmap_update() function (CVE-2018-8786) - freerdp: Integer overflow leading to heap-based buffer overflow in gdi_Bitmap_Decompress() function (CVE-2018-8787) - freerdp: Out-of-bounds write in nsc_rle_decode() function (CVE-2018-8788)
    last seen2020-03-18
    modified2019-04-03
    plugin id123648
    published2019-04-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123648
    titleScientific Linux Security Update : freerdp on SL7.x x86_64 (20190402)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1191.NASL
    descriptionFreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution.(CVE-2018-8788) FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution.(CVE-2018-8787) FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.(CVE-2018-8786)
    last seen2020-06-01
    modified2020-06-02
    plugin id124126
    published2019-04-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124126
    titleAmazon Linux 2 : freerdp (ALAS-2019-1191)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1283.NASL
    descriptionAccording to the versions of the freerdp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - freerdp: Integer truncation leading to heap-based buffer overflow in Update_read_bitmap_update() function (CVE-2018-8786) - freerdp: Integer overflow leading to heap-based buffer overflow in gdi_Bitmap_Decompress() function (CVE-2018-8787) - freerdp: Out-of-bounds write in nsc_rle_decode() function (CVE-2018-8788) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-04-30
    plugin id124379
    published2019-04-30
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124379
    titleEulerOS 2.0 SP2 : freerdp (EulerOS-SA-2019-1283)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1285.NASL
    descriptionAccording to the versions of the freerdp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - freerdp: Integer truncation leading to heap-based buffer overflow in Update_read_bitmap_update() function (CVE-2018-8786) - freerdp: Integer overflow leading to heap-based buffer overflow in gdi_Bitmap_Decompress() function (CVE-2018-8787) - freerdp: Out-of-bounds write in nsc_rle_decode() function (CVE-2018-8788) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-04-30
    plugin id124381
    published2019-04-30
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124381
    titleEulerOS 2.0 SP5 : freerdp (EulerOS-SA-2019-1285)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3845-1.NASL
    descriptionEyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8784, CVE-2018-8785) Eyal Itkin discovered FreeRDP incorrectly handled bitmaps. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-8786, CVE-2018-8787) Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8788) Eyal Itkin discovered FreeRDP incorrectly handled NTLM authentication. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8789). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-04-10
    modified2018-12-13
    plugin id119655
    published2018-12-13
    reporterUbuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119655
    titleUbuntu 14.04 LTS : freerdp, freerdp2 vulnerabilities (USN-3845-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0134-1.NASL
    descriptionThis update for freerdp fixes the following issues : Security issues fixed : CVE-2018-0886: Fix a remote code execution vulnerability (CredSSP) (bsc#1085416, bsc#1087240, bsc#1104918) CVE-2018-8789: Fix several denial of service vulnerabilities in the in the NTLM Authentication module (bsc#1117965) CVE-2018-8785: Fix a potential remote code execution vulnerability in the zgfx_decompress function (bsc#1117967) CVE-2018-8786: Fix a potential remote code execution vulnerability in the update_read_bitmap_update function (bsc#1117966) CVE-2018-8787: Fix a potential remote code execution vulnerability in the gdi_Bitmap_Decompress function (bsc#1117964) CVE-2018-8788: Fix a potential remote code execution vulnerability in the nsc_rle_decode function (bsc#1117963) CVE-2018-8784: Fix a potential remote code execution vulnerability in the zgfx_decompress_segment function (bsc#1116708) CVE-2018-1000852: Fixed a remote memory access in the drdynvc_process_capability_request function (bsc#1120507) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-01-22
    plugin id121302
    published2019-01-22
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121302
    titleSUSE SLED12 Security Update : freerdp (SUSE-SU-2019:0134-1)

Redhat

advisories
rhsa
idRHSA-2019:0697
rpms
  • freerdp-0:1.0.2-15.el7_6.1
  • freerdp-debuginfo-0:1.0.2-15.el7_6.1
  • freerdp-devel-0:1.0.2-15.el7_6.1
  • freerdp-libs-0:1.0.2-15.el7_6.1
  • freerdp-plugins-0:1.0.2-15.el7_6.1

References