← Back to CVE List

CVE-2021-41160

Published: 2021-10-21T19:15Z
Last Modified: 2024-11-21T06:25Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt