CVE-2022-39316

FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it likely resulting in a crash. This issue has been addressed in the 2.9.0 release. Users are advised to upgrade.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/39xxx/CVE-2022-39316.json",
    "cwe_ids": [
        "CWE-125"
    ],
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/freerdp/freerdp

Affected ranges

Type

GIT

Repo

https://github.com/freerdp/freerdp

Events

Introduced

Fixed

fa8e1b1c765a4466030ac52240f052c0b440a4d1

Fixed

e865c24efc40ebc52e75979c94cdd4ee2c1495b0

Database specific

{
    "source": [
        "CPE_FIELD",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.9.0"
        }
    ]
}

Affected versions

1.*

1.0-beta1

1.0-beta2

1.0-beta4

1.0-beta5

1.0.0

1.0.1

1.1.0-beta+2013071101

1.1.0-beta1

1.1.0-beta1+android2

1.1.0-beta1+android3

1.1.0-beta1+android4

1.1.0-beta1+android5

1.1.0-beta1+ios1

1.1.0-beta1+ios2

1.1.0-beta1+ios3

1.1.0-beta1+ios4

1.2.0-beta1+android7

1.2.0-beta1+android9

2.*

2.0.0

2.0.0-beta1+android10

2.0.0-beta1+android11

2.0.0-rc0

2.0.0-rc1

2.0.0-rc2

2.0.0-rc3

2.0.0-rc4

2.1.0

2.1.1

2.1.2

2.2.0

2.3.0

2.3.1

2.3.2

2.4.1

2.5.0

2.6.0

2.6.1

2.7.0

2.8.0

2.8.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-39316.json"

vanir_signatures_modified

"2026-04-29T12:50:19Z"

vanir_signatures

[
    {
        "source": "https://github.com/freerdp/freerdp/commit/e865c24efc40ebc52e75979c94cdd4ee2c1495b0",
        "digest": {
            "function_hash": "278258783424052940685679234326166195439",
            "length": 2886.0
        },
        "signature_type": "Function",
        "signature_version": "v1",
        "target": {
            "function": "zgfx_decompress_segment",
            "file": "libfreerdp/codec/zgfx.c"
        },
        "deprecated": false,
        "id": "CVE-2022-39316-12d0c1e8"
    },
    {
        "source": "https://github.com/freerdp/freerdp/commit/e865c24efc40ebc52e75979c94cdd4ee2c1495b0",
        "digest": {
            "line_hashes": [
                "105244159474417209741668245894207080553",
                "145152202868542375774476859796892961756",
                "238539686947048798319471843445534122681",
                "80026621179953235959439346033562579796",
                "167593777674933137631759666920491964498",
                "204957087889766732765611172814853117656",
                "220085568637183622298847937652800100011",
                "22818131137631788352040329321719107238",
                "151881833529585257716486259526591741859",
                "338835159946574188046446563930442269481",
                "321300896281335883865945393834969403358",
                "243385425763593922015293036493560544919",
                "241516527663528718358904487599677710163",
                "173510123952613838422459553498807247031",
                "259624219788147531595271838149797421091",
                "3919377486952779529315749039507290524"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "signature_version": "v1",
        "target": {
            "file": "libfreerdp/codec/zgfx.c"
        },
        "deprecated": false,
        "id": "CVE-2022-39316-663f8917"
    }
]