In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdrreadformat_list. Clipboard format data read (by client or server) might read data out-of-bounds. This has been fixed in 2.1.0.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "71316678263115778470361329507058901950", "63540122468191937103107350026873264224", "311802106057008330910831195565484748179", "88442219528543279340249984410341899042", "236818773394248061081604530974740996276", "188729803353912925768022284096116154610", "293512685827824235715399093202038882692", "303579114188168452838756809606480706429", "179242171078527379441438291443595260482", "302037644450793362830990252107106706781", "146437598717710508212057032060629376952", "235305518902367730881752776020597392161", "50943607780670792684217141734050961231", "123992897057392158834041219569317059238", "40090623701415119895798417467188135203", "286002698754695699978868173551371204746", "302052338601759565961793481301062284411", "277093999041538559639943319074156391720", "277141907495603272338991899375378398784", "142681840246704475630993268288687255286", "80882954800859107975839822879316711483", "242917856516449484351546313598304823768", "90002681359153429517644005190282609344", "270599820833287275900354347987663515905", "69249738883686318625784588559319402728", "140534088899720478760109524424776359714", "6724464783301728266773941107946349830", "68012983517036978521471149854357420895", "190881312875784621904566973360819377987", "290661054656205251552765610330640869365", "236773350137408637406022177098079034092", "161914990398887684308944318483944182596", "28094127606236728584947771229130378881", "261208175590299138782560971748175296319", "198022217380900924977634518515279232974", "143363212442148630519679484952946530092", "1862429887198272228960351469094143062", "320513254749327974737313484633090497241", "61865209773854207088033365335746998841", "85622312806252130597541212747606045509", "242061107344308146823141931199971851084", "154951889956189150162155649308559968549", "333074141710635353878506192750459148821", "42991730476459113061517562994418791933", "73407017586669018435370851976057873903", "274315285384316596409966189737972590473", "253837040126099377684797670937259048718", "134981268559330297806103413679847795898", "43848114785217618350281904280907089912", "156897186441098143467104864261377628438", "13762095066347915966923166648613850754", "98784604065071455925477951613183686823", "178210971650513841795867552392509721741", "239510412079081844005262062076557384060", "97459586985064186049107643206241299674", "109788831402041431437678269657099952938", "112837127432810834075814414088636631573", "82837114165069312548998727252748101455", "140684051045228495882257140720527403055", "29881999773071381577645871117215415039", "65327241217629519474646358662864571792", "242917856516449484351546313598304823768", "90002681359153429517644005190282609344", "270599820833287275900354347987663515905", "69249738883686318625784588559319402728", "140534088899720478760109524424776359714", "237440932411539319025246595566403433322", "237313903587175490261517822050382511294", "40458288375686759039193567450145013751", "13762095066347915966923166648613850754", "98784604065071455925477951613183686823", "283243182047922977302967365559067510904", "166649452894050414951209799627045583941", "233458237148110770808869733437285346947", "264140427637266464769222973233060825673", "155020585740210069062249668437140249077", "279660447524612550405022729842507346376", "86593094957984328246734838956643369060", "114562740066795314256878973389545787428", "137889393503785426591652500460413235763", "196522287637891272989044520842238604457", "87240964693278567559417378805484388620", "160829556722421556631171694962899545382", "299579115608152455135066254831344267687", "18395718106416549509875697073289109413", "338933464859641274762573489005231306344" ] }, "signature_type": "Line", "source": "https://github.com/freerdp/freerdp/commit/b73143cf7ee5fe4cdabcbf56908aa15d8a883821", "target": { "file": "channels/cliprdr/cliprdr_common.c" }, "signature_version": "v1", "deprecated": false, "id": "CVE-2020-11085-2400b53d" }, { "digest": { "function_hash": "126903225979021343612758508297033349238", "length": 2709.0 }, "signature_type": "Function", "source": "https://github.com/freerdp/freerdp/commit/b73143cf7ee5fe4cdabcbf56908aa15d8a883821", "target": { "file": "channels/cliprdr/cliprdr_common.c", "function": "cliprdr_read_format_list" }, "signature_version": "v1", "deprecated": false, "id": "CVE-2020-11085-3c487e8d" }, { "digest": { "function_hash": "286899962749782026485367568772545424260", "length": 252.0 }, "signature_type": "Function", "source": "https://github.com/freerdp/freerdp/commit/b73143cf7ee5fe4cdabcbf56908aa15d8a883821", "target": { "file": "channels/cliprdr/cliprdr_common.c", "function": "cliprdr_free_format_list" }, "signature_version": "v1", "deprecated": false, "id": "CVE-2020-11085-53068257" } ] }