[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-0250Date: (C)2014-11-24   (M)2023-12-22


Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allow remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress function, which causes an incorrect amount of memory to be allocated.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-67670
GLSA-201412-18
MDVSA-2015:171
http://seclists.org/oss-sec/2014/q2/365
http://advisories.mageia.org/MGASA-2014-0287.html
https://bugzilla.redhat.com/show_bug.cgi?id=998934
https://github.com/FreeRDP/FreeRDP/issues/1871
https://github.com/FreeRDP/FreeRDP/pull/1874
openSUSE-SU-2014:0862

CPE    5
cpe:/a:freerdp:freerdp:1.0.2
cpe:/a:freerdp:freerdp:1.0.1
cpe:/o:opensuse:opensuse:13.1
cpe:/o:opensuse:opensuse:12.3
...
CWE    1
CWE-189
OVAL    2
oval:org.secpod.oval:def:41754
oval:org.secpod.oval:def:52192

© SecPod Technologies