freerdp (SUSE:Linux Enterprise Software Development Kit 12 SP5) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Software Development Kit 12 SP5 package freerdp, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (86)
CVE-2024-32658 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to…
CVE-2024-32039 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6…
CVE-2018-8784 — CVSS 9.8 (critical): FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory…
CVE-2018-8785 — CVSS 9.8 (critical): FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption…
CVE-2018-8786 — CVSS 9.8 (critical): FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function…
CVE-2018-8787 — CVSS 9.8 (critical): FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function…
CVE-2018-8788 — CVSS 9.8 (critical): FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory…
CVE-2024-32041 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or…
CVE-2024-32458 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or…
CVE-2024-32459 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to…
CVE-2024-32659 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to…
CVE-2022-24882 — CVSS 9.1 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication…
CVE-2020-13398 — CVSS 8.3 (high): An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in…
CVE-2024-32040 — CVSS 8.1 (high): FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or…
CVE-2024-32460 — CVSS 8.1 (high): FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based based clients using `/bpp:32` legacy `GDI` drawing path with…
CVE-2017-2835 — CVSS 8.1 (high): An exploitable code execution vulnerability exists in the RDP receive functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted…
CVE-2020-11039 — CVSS 8.0 (high): In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read…
CVE-2024-32660 — CVSS 7.5 (high): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by…
CVE-2018-8789 — CVSS 7.5 (high): FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of…
CVE-2019-17177 — CVSS 7.5 (high): libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the…
CVE-2019-17178 — CVSS 7.5 (high): HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory…
CVE-2024-32661 — CVSS 7.5 (high): FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible…
CVE-2022-24883 — CVSS 7.4 (high): FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM`…
CVE-2020-13396 — CVSS 7.1 (high): An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage…
CVE-2018-0886 — CVSS 7.0 (high): The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and…
CVE-2017-2834 — CVSS 7.0 (high): An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially…
CVE-2020-11038 — CVSS 6.9 (medium): In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server…
CVE-2020-11524 — CVSS 6.6 (medium): libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.
CVE-2023-40567 — CVSS 6.5 (medium): FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to…
CVE-2023-40574 — CVSS 6.5 (medium): FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to…
CVE-2023-40186 — CVSS 6.5 (medium): FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to…
CVE-2018-1000852 — CVSS 6.5 (medium): FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in…
CVE-2023-40569 — CVSS 6.5 (medium): FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to…
CVE-2020-11017 — CVSS 6.5 (medium): In FreeRDP less than or equal to 2.0.0, by providing manipulated input a malicious client can create a double free condition and crash the…
CVE-2020-11018 — CVSS 6.5 (medium): In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out…
CVE-2023-39354 — CVSS 5.9 (medium): FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to…
CVE-2017-2837 — CVSS 5.9 (medium): An exploitable denial of service vulnerability exists within the handling of security data in FreeRDP 2.0.0-beta1+android11. A specially…
CVE-2017-2836 — CVSS 5.9 (medium): An exploitable denial of service vulnerability exists within the reading of proprietary server certificates in FreeRDP…
CVE-2017-2839 — CVSS 5.9 (medium): An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A…
CVE-2017-2838 — CVSS 5.9 (medium): An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A…
CVE-2023-39350 — CVSS 5.9 (medium): FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only…
CVE-2022-39283 — CVSS 5.9 (medium): FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might…
CVE-2021-41159 — CVSS 5.8 (medium): FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to…
CVE-2020-13397 — CVSS 5.5 (medium): An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in…
CVE-2022-39320 — CVSS 5.5 (medium): FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP may attempt integer addition on too narrow…
CVE-2023-39356 — CVSS 5.3 (medium): FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a missing…
CVE-2023-39351 — CVSS 5.3 (medium): FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are…
CVE-2023-39352 — CVSS 5.3 (medium): FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to…
CVE-2023-39353 — CVSS 5.3 (medium): FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to…
CVE-2023-40181 — CVSS 5.3 (medium): FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to…
CVE-2023-40188 — CVSS 5.3 (medium): FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to…
CVE-2023-40575 — CVSS 5.3 (medium): FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to…
CVE-2023-40576 — CVSS 5.3 (medium): FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to…
CVE-2022-39316 — CVSS 4.8 (medium): FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component…
CVE-2022-39318 — CVSS 4.8 (medium): FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input validation in `urbdrc`…
CVE-2022-39319 — CVSS 4.6 (medium): FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in the…
CVE-2022-41877 — CVSS 4.6 (medium): FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in `drive`…
CVE-2022-39317 — CVSS 4.6 (medium): FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a range check for input offset…
CVE-2020-11019 — CVSS 4.3 (medium): In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a…
CVE-2023-40589 — CVSS 4.3 (medium): FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a…
CVE-2020-11089 — CVSS 3.7 (low): In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions (parallel_process_irp_create, serial_process_irp_create…
CVE-2024-22211 — CVSS 3.7 (low): FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in…
CVE-2020-15103 — CVSS 3.5 (low): In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients…
CVE-2020-11099 — CVSS 3.5 (low): In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. A manipulated license packet…
CVE-2020-11098 — CVSS 3.5 (low): In FreeRDP before version 2.1.2, there is an out-of-bound read in glyph_cache_put. This affects all FreeRDP clients with `+glyph-cache`…
CVE-2020-11097 — CVSS 3.5 (low): In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of…
CVE-2020-11096 — CVSS 3.5 (low): In FreeRDP before version 2.1.2, there is a global OOB read in update_read_cache_bitmap_v3_order. As a workaround, one can disable bitmap…
CVE-2020-11095 — CVSS 3.5 (low): In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of…
CVE-2022-39282 — CVSS 3.5 (low): FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch…
CVE-2020-4031 — CVSS 3.5 (low): In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with…
CVE-2020-4030 — CVSS 3.5 (low): In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer…
CVE-2020-11086 — CVSS 3.1 (low): In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_ntlm_v2_client_challenge that reads up to 28 bytes…
CVE-2020-4032 — CVSS 3.1 (low): In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache…
CVE-2020-11088 — CVSS 3.1 (low): In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_NegotiateMessage. This has been fixed in 2.1.0.
CVE-2020-11087 — CVSS 3.1 (low): In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_AuthenticateMessage. This has been fixed in 2.1.0.
CVE-2020-4033 — CVSS 3.1 (low): In FreeRDP before version 2.1.2, there is an out of bounds read in RLEDECOMPRESS. All FreeRDP based clients with sessions with color depth…
CVE-2022-39347 — CVSS 2.6 (low): FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path…
CVE-2020-11085 — CVSS 2.6 (low): In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_read_format_list. Clipboard format data read (by client or server) might…
CVE-2020-11525 — CVSS 2.2 (low): libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read.
CVE-2020-11043 — CVSS 2.2 (low): In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfx_process_message_tileset. Invalid data fed to RFX decoder…
CVE-2020-11041 — CVSS 2.2 (low): In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound…
CVE-2020-11040 — CVSS 2.2 (low): In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on…
CVE-2020-11526 — CVSS 2.2 (low): libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read.