CVE-2018-8787

FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution.

Weakness

The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.

Affected Software

Related Attack Patterns

• https://cwe.mitre.org/data/definitions/10.html
• https://cwe.mitre.org/data/definitions/100.html
• https://cwe.mitre.org/data/definitions/14.html
• https://cwe.mitre.org/data/definitions/24.html
• https://cwe.mitre.org/data/definitions/45.html
• https://cwe.mitre.org/data/definitions/46.html
• https://cwe.mitre.org/data/definitions/47.html
• https://cwe.mitre.org/data/definitions/67.html
• https://cwe.mitre.org/data/definitions/8.html
• https://cwe.mitre.org/data/definitions/9.html
• https://cwe.mitre.org/data/definitions/92.html

References

• http://www.securityfocus.com/bid/106938
• https://access.redhat.com/errata/RHSA-2019:0697
• https://github.com/FreeRDP/FreeRDP/commit/09b9d4f1994a674c4ec85b4947aa656eda1aed8a
• https://lists.debian.org/debian-lts-announce/2019/02/msg00015.html
• https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
• https://usn.ubuntu.com/3845-1/
• https://usn.ubuntu.com/3845-2/
• http://www.securityfocus.com/bid/106938
• https://access.redhat.com/errata/RHSA-2019:0697
• https://github.com/FreeRDP/FreeRDP/commit/09b9d4f1994a674c4ec85b4947aa656eda1aed8a
• https://lists.debian.org/debian-lts-announce/2019/02/msg00015.html
• https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
• https://usn.ubuntu.com/3845-1/
• https://usn.ubuntu.com/3845-2/