WRITEUP

Exploit for CVE-2023-39350 - FreeRDP < 2.11.0 - Integer Underflow
AI Analysis

This patch addresses CVE-2023-39350 by adding bounds checks for quantization indices in the RFX codec of FreeRDP to prevent out-of-bounds access vulnerabilities. The fix ensures that `quantIdxY`, `quantIdxCb`, and `quantIdxCr` are within the valid range of `context->numQuant`.

Attack Type: DoS
Complexity: trivial
Reliability: reliable
MITRE ATT&CK: T1499 - Endpoint Denial of Service
Authors: Armin Novak
Vulnerability: CVE-2023-39350 - FreeRDP < 2.11.0 - Integer Underflow (MEDIUM, CVSS 5.9)