CVE-2020-11058

Published: 12 May 2020

In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in 2.0.0.

Priority

Medium

CVSS 3 base score: 2.2

Status

Package Release Status
freerdp
Launchpad, Ubuntu, Debian
Upstream
Released (1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver)
Released (1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

freerdp2
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 20.04 LTS (Focal Fossa)
Released (2.1.1+dfsg1-0ubuntu0.20.04.1)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (2.1.1+dfsg1-0ubuntu0.18.04.1)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Upstream: https://github.com/FreeRDP/FreeRDP/commit/3627aaf7d289315b614a584afb388f04abfb5bbf