Lucene search

[email protected]CVE-2014-0250

HistoryNov 16, 2014 - 5:59 p.m.

CVE-2014-0250

2014-11-1617:59:01

CWE-189

[email protected]

web.nvd.nist.gov

cve-2014-0250

freerdp

integer overflow

x11

remote attack

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.3%

JSON

Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allow remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress function, which causes an incorrect amount of memory to be allocated.

Affected configurations

NVD

Node

freerdpfreerdpMatch1.0.0

freerdpfreerdpMatch1.0.1

freerdpfreerdpMatch1.0.2

Node

opensuseopensuseMatch12.3

opensuseopensuseMatch13.1

CPENameOperatorVersion
freerdp:freerdpfreerdpeq1.0.0
freerdp:freerdpfreerdpeq1.0.1
freerdp:freerdpfreerdpeq1.0.2

CPE	Name	Operator	Version
freerdp:freerdp	freerdp	eq	1.0.0
freerdp:freerdp	freerdp	eq	1.0.1
freerdp:freerdp	freerdp	eq	1.0.2

References

advisories.mageia.org/MGASA-2014-0287.html

lists.opensuse.org/opensuse-updates/2014-07/msg00008.html

seclists.org/oss-sec/2014/q2/365

security.gentoo.org/glsa/glsa-201412-18.xml

www.mandriva.com/security/advisories?name=MDVSA-2015:171

www.securityfocus.com/bid/67670

bugzilla.redhat.com/show_bug.cgi?id=998934

github.com/FreeRDP/FreeRDP/issues/1871

github.com/FreeRDP/FreeRDP/pull/1874

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.3%

JSON

Related for CVE-2014-0250

gentoo1 openvas6 debiancve1 prion1 cvelist1 nvd1 ubuntucve1 nessus9 mageia1 securityvulns1 ubuntu1