CVE-2020-15103 log

Severity Medium
Remote Yes
Type Denial of service
Description
In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in the rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and are blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`). This has been fixed in 2.2.0. As a workaround, stop using the command line arguments /gfx, /gfx-h264 and /network:auto.
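The check the description says was missing, written out as an added example in C: a server-supplied rectangle is validated against the local surface, and the byte count handed to `memcpy` is derived in 64-bit arithmetic so it cannot wrap. This is not FreeRDP's code; the `rect16_t` and `surface_t` types, their field names and the sample dimensions are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed example types (assumptions, not FreeRDP's structures).
 * A rectangle as received from the peer, with 16-bit edges. */
typedef struct {
    uint16_t left, top, right, bottom;
} rect16_t;

/* The local surface the rectangle is applied to. */
typedef struct {
    uint32_t width, height;   /* in pixels */
    uint32_t stride;          /* bytes per row */
    uint32_t bpp;             /* bytes per pixel */
    size_t   size;            /* bytes backing the surface */
} surface_t;

/* Reject empty, inverted or out-of-bounds rectangles before any
 * length is derived from them. Exclusive right/bottom edges. */
bool rect_within_surface(const rect16_t *r, const surface_t *s)
{
    if (r->left >= r->right || r->top >= r->bottom)
        return false;                         /* empty or inverted */
    if (r->right > s->width || r->bottom > s->height)
        return false;                         /* exceeds the surface */
    return true;
}

/* Number of bytes a copy of the rectangle spans in the surface buffer.
 * All arithmetic is 64-bit, and the end offset is checked against the
 * buffer size, so an untrusted rectangle can never yield a wrapped or
 * oversized memcpy length. Returns false if the region does not fit. */
bool rect_copy_size(const rect16_t *r, const surface_t *s, size_t *out)
{
    if (!rect_within_surface(r, s))
        return false;
    uint64_t row_bytes = (uint64_t)(r->right - r->left) * s->bpp;
    uint64_t rows      = (uint64_t)(r->bottom - r->top);
    uint64_t start     = (uint64_t)r->top * s->stride + (uint64_t)r->left * s->bpp;
    uint64_t end       = start + (rows - 1) * s->stride + row_bytes;
    if (row_bytes > s->stride || end > s->size)
        return false;
    *out = (size_t)(end - start);
    return true;
}

/* Convenience wrapper: the validated length, or 0 when the rectangle is rejected. */
size_t checked_copy_size(const rect16_t *r, const surface_t *s)
{
    size_t n = 0;
    return rect_copy_size(r, s, &n) ? n : 0;
}
```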
Group     Package  Affected   Fixed      Severity  Status  Ticket
AVG-1209  freerdp  2:2.1.2-1  2:2.2.0-1  Medium    Fixed
References
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4r38-6hq7-j3j9
https://github.com/FreeRDP/FreeRDP/commit/d2ba84a6885f57674098fe8e76c5f99d880e580d