Your submission was sent successfully! Close

CVE-2018-8788

Published: 29 November 2018

FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
freerdp
Launchpad, Ubuntu, Debian
bionic
Released (1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1)
cosmic
Released (1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.10.1)
disco Does not exist

precise Does not exist

trusty Does not exist
(trusty was not-affected [code not present])
upstream Needs triage

xenial
Released (1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3)
freerdp2
Launchpad, Ubuntu, Debian
bionic
Released (2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1)
cosmic
Released (2.0.0~git20180411.1.7a7b1802+dfsg1-2ubuntu0.1)
disco
Released (2.0.0~git20181120.1.e21b72c95+dfsg1-1)
precise Does not exist

trusty Does not exist

upstream
Released (2.0.0~git20181120.1.e21b72c95+dfsg1-1)
xenial Does not exist