CVE-2024-22211
LOWDescription
FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow. This affects FreeRDP based clients. FreeRDP based server implementations and proxy are not affected. A malicious server could prepare a `RDPGFX_RESET_GRAPHICS_PDU` to allocate too small buffers, possibly triggering later out of bound read/write. Data extraction over network is not possible, the buffers are used to display an image. This issue has been addressed in version 2.11.5 and 3.2.0. Users are advised to upgrade. there are no know workarounds for this vulnerability.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| freerdp | freerdp |
| freerdp | freerdp |
References
Advisories & Patches
Exploits
Other References
Frequently Asked Questions
What is CVE-2024-22211? +
How severe is CVE-2024-22211? +
What products are affected by CVE-2024-22211? +
How do I check if I'm vulnerable to CVE-2024-22211? +
Related Vulnerabilities
vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file (vifminfo.json). This …
A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl()" wrapper due to a lack of size verification for …
A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image. …
Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from …
Heap-based Buffer Overflow vulnerability in iniparser_dumpsection_ini() in iniparser allows attacker to read out of bound memory
There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an incorrectly formatted markdown file to be passed to …