CVE-2023-39352

MEDIUM

Freerdp < 2.11.0 - Out-of-Bounds Write

Title source: rule

Description

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an invalid offset validation leading to Out Of Bound Write. This can be triggered when the values `rect->left` and `rect->top` are exactly equal to `surface->width` and `surface->height`. eg. `rect->left` == `surface->width` && `rect->top` == `surface->height`. In practice this should cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References (8)

[Issue Tracking] https://github.com/FreeRDP/FreeRDP/blob/63a2f65618748c12f79ff7450d46c6e194f2db76/libfreerdp/gdi/gfx.c#L1219-L1239

View Writeup ZIP pw:eip

[Exploit, Vendor Advisory] https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-whwr-qcf2-2mvj

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html

[Mailing List] https://lists.fedoraproject.org/archives/list/[email protected]/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/

[Mailing List] https://lists.fedoraproject.org/archives/list/[email protected]/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/

[Mailing List] https://lists.fedoraproject.org/archives/list/[email protected]/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/

[Third Party Advisory] https://security.gentoo.org/glsa/202401-16

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/02/msg00016.html

Scores

CVSS v3 5.3

EPSS 0.0014

EPSS Percentile 33.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Classification

CWE

CWE-787

Status published

Affected Products (7)

freerdp/freerdp < 2.11.0

freerdp/freerdp

freerdp/freerdp

debian/debian_linux

fedoraproject/fedora

fedoraproject/fedora

fedoraproject/fedora

Timeline

Published Aug 31, 2023

Tracked Since Feb 18, 2026