CVE-2018-8784
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-8784
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-8784.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-8784
- Downstream
- Related
- Published
- 2018-11-29T18:29:00.803Z
- Modified
- 2025-11-14T09:00:18.704698Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfxdecompresssegment() that results in a memory corruption and probably even a remote code execution.
- References
Affected packages
Git / github.com/freerdp/freerdp
Affected ranges
- Type
- GIT
- Repo
- https://github.com/freerdp/freerdp
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.0-beta1
1.0-beta2
1.0-beta3
1.0-beta4
1.0-beta5
1.0.0
1.0.1
1.1.0-beta+2013071101
1.1.0-beta1
1.1.0-beta1+android2
1.1.0-beta1+android3
1.1.0-beta1+android4
1.1.0-beta1+android5
1.1.0-beta1+ios1
1.1.0-beta1+ios2
1.1.0-beta1+ios3
1.1.0-beta1+ios4
1.2.0-beta1+android7
1.2.0-beta1+android9
2.*
2.0.0-beta1+android10
2.0.0-beta1+android11
2.0.0-rc0
2.0.0-rc1
2.0.0-rc2
2.0.0-rc3
Database specific
vanir_signatures
[
{
"signature_version": "v1",
"source": "https://github.com/freerdp/freerdp/commit/17c363a5162fd4dc77b1df54e48d7bd9bf6b3be7",
"signature_type": "Function",
"target": {
"function": "zgfx_GetBits",
"file": "libfreerdp/codec/zgfx.c"
},
"id": "CVE-2018-8784-3ee578e2",
"digest": {
"length": 498.0,
"function_hash": "5425658578842756555766032532911221974"
},
"deprecated": false
},
{
"signature_version": "v1",
"source": "https://github.com/freerdp/freerdp/commit/17c363a5162fd4dc77b1df54e48d7bd9bf6b3be7",
"signature_type": "Line",
"target": {
"file": "libfreerdp/codec/zgfx.c"
},
"id": "CVE-2018-8784-99d08a87",
"digest": {
"line_hashes": [
"183004235591668635388793416221527180952",
"308551081678144123828325673808498648805",
"154313303284566741372749909479475738030",
"132884302306568066085333383287459666709",
"262492858770932996240150910068351063854",
"203702999331377103310646261393761919250",
"167380914164342764959401217543543095567",
"13540684346446715777637802021582209554",
"311891805920254916498775542912402450263",
"241516527663528718358904487599677710163",
"97308244726792857383179309575420684207",
"18665083726635648619654057544017589864",
"334986266750018248128782574845546139084",
"26307924798652688742837269370744161570",
"172851853559149624580627288319374799581",
"45345896685779517200997882316629828497",
"264274875738533249388971173521124600956",
"194011039796460496619575215719090768957",
"173226611019216288356929805813144347970",
"259557405479208692191625725125700443687",
"126584308940012886196255270920460352175",
"152539648080863676852541452921266141059",
"170170358519463512489981916209534205080"
],
"threshold": 0.9
},
"deprecated": false
},
{
"signature_version": "v1",
"source": "https://github.com/freerdp/freerdp/commit/17c363a5162fd4dc77b1df54e48d7bd9bf6b3be7",
"signature_type": "Function",
"target": {
"function": "zgfx_decompress_segment",
"file": "libfreerdp/codec/zgfx.c"
},
"id": "CVE-2018-8784-e4341463",
"digest": {
"length": 2505.0,
"function_hash": "322517898482837905962037901991472629201"
},
"deprecated": false
}
]