AVG-1193 log

Package freerdp
Status Fixed
Severity High
Type multiple issues
Affected 2:2.1.1-1
Fixed 2:2.1.2-1
Current 2:3.9.0-4 [extra]
Ticket None
Created Tue Jun 23 12:41:29 2020
Issue Severity Remote Type Description
CVE-2020-11099 Low Yes Information disclosure
An out-of-bounds read has been found in FreeRDP before 2.1.2, in license_read_new_or_upgrade_license_packet().
CVE-2020-11098 Low Yes Information disclosure
An out-of-bounds read has been found in FreeRDP before 2.1.2, in glyph_cache_put. This issue only exists when glyph-cache is enabled, which is not the case...
CVE-2020-11097 Low Yes Information disclosure
An out-of-bounds read has been found in FreeRDP before 2.1.2, in ntlm_av_pair_get().
CVE-2020-11096 Low Yes Information disclosure
An out-of-bounds read has been found in FreeRDP before 2.1.2, in update_read_cache_bitmap_v3_order().
CVE-2020-11095 Medium Yes Information disclosure
A global out-of-bounds read has been found in FreeRDP before 2.1.2, in update_recv_primary_order.
CVE-2020-4033 Low Yes Information disclosure
An out-of-bounds read of up to 4 bytes has been found in FreeRDP before 2.1.2, affecting all FreeRDP based clients with sessions with color depth < 32.
CVE-2020-4032 Low Yes Information disclosure
An integer casting vulnerability leading to an out-of-bounds read has been found in FreeRDP before 2.1.2, in update_recv_secondary_order(), on clients with...
CVE-2020-4031 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in FreeRDP before 2.1.2, in gdi_SelectObject(). Clients using compatibility mode enabled with...
CVE-2020-4030 Medium Yes Information disclosure
An out-of-bounds read has been found in FreeRDP before 2.1.2, where logging might bypass string length checks due to an integer overflow.
Date Advisory Package Type
28 Jun 2020 ASA-202006-15 freerdp multiple issues
References
http://www.freerdp.com/2020/06/22/2_1_2-released