CVE-2022-39317 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2022-39317

CVE-2022-39317

November 16, 2022

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it. This issue has been addressed in version 2.9.0. There are no known workarounds for this issue.

Related Resources (10)

https://access.redhat.com/security/cve/CVE-2022-39317

https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/39xxx/CVE-2022-39317.json

https://security.gentoo.org/glsa/202401-16

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-99cm-4gw7-c8jh

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/

https://security-tracker.debian.org/tracker/CVE-2022-39317

https://nvd.nist.gov/vuln/detail/CVE-2022-39317

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/

Do you need more information?