In FreeRDP greater than 1.2 and before 2.0.0, a double free in updatereadcachebitmapv3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0.
{ "vanir_signatures": [ { "source": "https://github.com/freerdp/freerdp/commit/67c2aa52b2ae0341d469071d1bc8aab91f8d2ed8", "signature_version": "v1", "signature_type": "Function", "id": "CVE-2020-11044-a2c1b62a", "target": { "file": "libfreerdp/core/orders.c", "function": "update_read_cache_bitmap_v3_order" }, "digest": { "function_hash": "278787847204833820847029511923891438512", "length": 1227.0 }, "deprecated": false }, { "source": "https://github.com/freerdp/freerdp/commit/67c2aa52b2ae0341d469071d1bc8aab91f8d2ed8", "signature_version": "v1", "signature_type": "Line", "id": "CVE-2020-11044-f6ffb941", "target": { "file": "libfreerdp/core/orders.c" }, "digest": { "line_hashes": [ "154295903451593699172640170002347613145", "215238430475148051830578423123896012890", "58394384895448452232632480592333188592", "211382032873016045316673461894584669163" ], "threshold": 0.9 }, "deprecated": false } ] }