Calvinytt

**Name of the Vulnerable Software and Affected Versions** FreeRDP versions prior to 3.24.2 **Description** FreeRDP is a free implementation of the Remote Desktop Protocol. Versions prior to 3.24.2 contain a heap-buffer-overflow READ vulnerability. This issue occurs due to a 24-byte buffer overflow before allocation within the `winpr aligned offset recalloc()` function. The issue has been addressed in version 3.24.2. **Recommendations** Update to version 3.24.2 or later.

**Name of the Vulnerable Software and Affected Versions** FreeRDP versions prior to 3.24.2 **Description** FreeRDP is a free implementation of the Remote Desktop Protocol. The `progressive decompress tile upgrade()` function detects a mismatch through `progressive rfx quant cmp equal()` but only emits a warning, allowing execution to continue. A wrapped value (247) is used as a shift exponent, leading to undefined behavior and a loop of approximately 80 billion iterations, resulting in a CPU denial of service (DoS). **Recommendations** Update to version 3.24.2 or later.

**Name of the Vulnerable Software and Affected Versions** FreeRDP versions prior to 3.24.2 **Description** FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a heap buffer overflow exists in the `resize vbar entry()` function located in `libfreerdp/codec/clear.c`. Specifically, the `vBarEntry->size` variable is updated to `vBarEntry->count` before the `winpr aligned recalloc()` call. If the reallocation fails, the `size` variable becomes inflated while the `pixels` pointer still references the original, smaller buffer. A subsequent call, where `count` is less than or equal to the inflated `size`, bypasses the reallocation process. This allows the caller to write `count * bpp` bytes of attacker-controlled pixel data into the undersized buffer, resulting in a heap buffer overflow. **Recommendations** Versions prior to 3.24.2 should be updated to version 3.24.2 or later.

**Name of the Vulnerable Software and Affected Versions** FreeRDP versions prior to 3.24.2 **Description** FreeRDP is a free implementation of the Remote Desktop Protocol. Versions prior to 3.24.2 are susceptible to a flaw where pixel data from adjacent heap memory is rendered to the screen, potentially exposing sensitive data to an attacker. **Recommendations** Update to version 3.24.2 or later.

**Name of the Vulnerable Software and Affected Versions** FreeRDP versions prior to 3.24.2 **Description** FreeRDP is a free implementation of the Remote Desktop Protocol. In versions prior to 3.24.2, the `yuv ensure buffer()` function within `libfreerdp/codec/h264.c` updates `h264->width` and `h264->height` before the reallocation loop. If a call to `winpr aligned recalloc()` fails, the function returns FALSE, but the `width` and `height` variables are already inflated, potentially leading to issues. **Recommendations** Update to version 3.24.2 or later.

**Name of the Vulnerable Software and Affected Versions** FreeRDP versions prior to 3.24.2 **Description** FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an issue exists in the `persistent cache read entry v3()` function within `libfreerdp/cache/persistent.c`. Specifically, the `persistent->bmpSize` variable is updated before the `winpr aligned recalloc()` function is called. If the `realloc` operation fails, `bmpSize` becomes inflated while `bmpData` continues to point to the original buffer. **Recommendations** Update to version 3.24.2 or later.