CVE-2018-8784

FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfxdecompresssegment() that results in a memory corruption and probably even a remote code execution.

References

Affected packages

Git / github.com/freerdp/freerdp

Affected ranges

Type: GIT
Repo: https://github.com/freerdp/freerdp
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

17c363a5162fd4dc77b1df54e48d7bd9bf6b3be7

Affected versions

1.*

1.0-beta1

1.0-beta2

1.0-beta3

1.0-beta4

1.0-beta5

1.0.0

1.0.1

1.1.0-beta+2013071101

1.1.0-beta1

1.1.0-beta1+android2

1.1.0-beta1+android3

1.1.0-beta1+android4

1.1.0-beta1+android5

1.1.0-beta1+ios1

1.1.0-beta1+ios2

1.1.0-beta1+ios3

1.1.0-beta1+ios4

1.2.0-beta1+android7

1.2.0-beta1+android9

2.*

2.0.0-beta1+android10

2.0.0-beta1+android11

2.0.0-rc0

2.0.0-rc1

2.0.0-rc2

2.0.0-rc3

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/freerdp/freerdp/commit/17c363a5162fd4dc77b1df54e48d7bd9bf6b3be7",
        "signature_version": "v1",
        "target": {
            "function": "zgfx_GetBits",
            "file": "libfreerdp/codec/zgfx.c"
        },
        "digest": {
            "function_hash": "5425658578842756555766032532911221974",
            "length": 498.0
        },
        "id": "CVE-2018-8784-3ee578e2"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "source": "https://github.com/freerdp/freerdp/commit/17c363a5162fd4dc77b1df54e48d7bd9bf6b3be7",
        "signature_version": "v1",
        "target": {
            "file": "libfreerdp/codec/zgfx.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "183004235591668635388793416221527180952",
                "308551081678144123828325673808498648805",
                "154313303284566741372749909479475738030",
                "132884302306568066085333383287459666709",
                "262492858770932996240150910068351063854",
                "203702999331377103310646261393761919250",
                "167380914164342764959401217543543095567",
                "13540684346446715777637802021582209554",
                "311891805920254916498775542912402450263",
                "241516527663528718358904487599677710163",
                "97308244726792857383179309575420684207",
                "18665083726635648619654057544017589864",
                "334986266750018248128782574845546139084",
                "26307924798652688742837269370744161570",
                "172851853559149624580627288319374799581",
                "45345896685779517200997882316629828497",
                "264274875738533249388971173521124600956",
                "194011039796460496619575215719090768957",
                "173226611019216288356929805813144347970",
                "259557405479208692191625725125700443687",
                "126584308940012886196255270920460352175",
                "152539648080863676852541452921266141059",
                "170170358519463512489981916209534205080"
            ]
        },
        "id": "CVE-2018-8784-99d08a87"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/freerdp/freerdp/commit/17c363a5162fd4dc77b1df54e48d7bd9bf6b3be7",
        "signature_version": "v1",
        "target": {
            "function": "zgfx_decompress_segment",
            "file": "libfreerdp/codec/zgfx.c"
        },
        "digest": {
            "function_hash": "322517898482837905962037901991472629201",
            "length": 2505.0
        },
        "id": "CVE-2018-8784-e4341463"
    }
]