icon

We found results for “

CVE-2023-39353

Date: August 31, 2023

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to a missing offset validation leading to Out Of Bound Read. In the "libfreerdp/codec/rfx.c" file there is no offset validation in "tile->quantIdxY", "tile->quantIdxCb", and "tile->quantIdxCr". As a result crafted input can lead to an out of bounds read access which in turn will cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Language: C

Severity Score

Severity Score

Weakness Type (CWE)

Out-of-bounds Read

CWE-125

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): LOW

Do you need more information?

Contact Us