CVE-2021-41160 log

Severity Medium
Remote Yes
Type Arbitrary code execution
A security issue has been found in FreeRDP before version 2.4.1. A malicious server might trigger out of bound writes in a connected client.

Connections using GDI or SurfaceCommands to send graphics updates to the client might send 0 width/height or out of bound rectangles to trigger out of bound writes. With 0 width or heigth the memory allocation will be 0 but the missing bounds checks allow writing to the pointer at this (not allocated) region.
Group Package Affected Fixed Severity Status Ticket
AVG-2488 freerdp 2:2.4.0-2 2:2.4.1-1 Medium Fixed
Date Advisory Group Package Severity Type
29 Oct 2021 ASA-202110-11 AVG-2488 freerdp Medium arbitrary code execution