ID CVE-2014-0250
Summary Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allow remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress function, which causes an incorrect amount of memory to be allocated.
References
Vulnerable Configurations
  • FreeRDP 1.0.0
    cpe:2.3:a:freerdp_project:freerdp:1.0.0
  • FreeRDP 1.0.1
    cpe:2.3:a:freerdp_project:freerdp:1.0.1
  • FreeRDP 1.0.2
    cpe:2.3:a:freerdp_project:freerdp:1.0.2
  • OpenSUSE 12.3
    cpe:2.3:o:opensuse:opensuse:12.3
  • OpenSUSE 13.1
    cpe:2.3:o:opensuse:opensuse:13.1
CVSS
Base: 7.5 (as of 23-11-2015 - 12:06)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-452.NASL
    description freerdp was patched to fix several integer overflows. These security issues were fixed : - Integer overflow (CVE-2014-0791) - Integer overflows in memory allocations in client/X11/xf_graphics.c (CVE-2014-0250)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 76343
    published 2014-07-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76343
    title openSUSE Security Update : freerdp (openSUSE-SU-2014:0862-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2506-1.NASL
    description This update for freerdp fixes the following issues : - CVE-2013-4118: Added a NULL pointer check to fix a server crash (bsc#829013). - CVE-2014-0791: Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP allowed remote RDP servers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ScopeCount value in a Scope List in a Server License Request packet. (bsc#857491) - CVE-2014-0250: Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allowed remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress function, which causes an incorrect amount of memory to be allocated. (bsc#880317) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 94037
    published 2016-10-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94037
    title SUSE SLED12 Security Update : freerdp (SUSE-SU-2016:2506-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3380-1.NASL
    description It was discovered that FreeRDP incorrectly handled certain width and height values. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. (CVE-2014-0250) It was discovered that FreeRDP incorrectly handled certain values in a Scope List. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-0791) Tyler Bohan discovered that FreeRDP incorrectly handled certain length values. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-2834, CVE-2017-2835) Tyler Bohan discovered that FreeRDP incorrectly handled certain packets. A malicious server could possibly use this issue to cause FreeRDP to crash, resulting in a denial of service. (CVE-2017-2836, CVE-2017-2837, CVE-2017-2838, CVE-2017-2839). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 102260
    published 2017-08-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102260
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : freerdp vulnerabilities (USN-3380-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201412-18.NASL
    description The remote host is affected by the vulnerability described in GLSA-201412-18 (FreeRDP: User-assisted execution of arbitrary code) FreeRDP does not properly validate user-supplied input, which could lead to an integer overflow in the xf_Pointer_New() function. Impact : A remote attacker could execute arbitrary code with the privileges of the process or cause Denial of Service. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2015-04-13
    plugin id 79971
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79971
    title GLSA-201412-18 : FreeRDP: User-assisted execution of arbitrary code
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-171.NASL
    description Updated freerdp packages fix security vulnerabilities : Integer overflows in memory allocations in client/X11/xf_graphics.c in FreeRDP through 1.0.2 allows remote RDP servers to have an unspecified impact through unspecified vectors (CVE-2014-0250). Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP servers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ScopeCount value in a Scope List in a Server License Request packet (CVE-2014-0791).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 82447
    published 2015-03-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82447
    title Mandriva Linux Security Advisory : freerdp (MDVSA-2015:171)
refmap via4
bid 67670
confirm
gentoo GLSA-201412-18
mandriva MDVSA-2015:171
misc https://github.com/FreeRDP/FreeRDP/issues/1871
mlist [oss-security] 20140528 freerdp: integer overflows in memory allocations in client/X11/xf_graphics.c
suse openSUSE-SU-2014:0862
Last major update 23-11-2015 - 12:36
Published 16-11-2014 - 12:59
Last modified 30-10-2018 - 12:27
Back to Top