PT-2022-5113 · Freerdp+9

Published: 2022-10-12 · Updated: 2025-02-15 · CVE-2022-39283

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

FreeRDP versions prior to 2.8.1

Description

The issue is related to a buffer overflow in the FreeRDP client when using the /video command line switch, potentially allowing a remote attacker to access, modify, or delete audio/video data. The vulnerability can cause the client to read uninitialized data, decode it as audio/video, and display the result. FreeRDP-based server implementations are not affected.

Recommendations

For versions prior to 2.8.1, upgrade to version 2.8.1 to resolve the issue. As a temporary workaround, consider not using the /video command line switch until a patch is available.

Exploit

Fix

Information Disclosure

Use of Uninitialized Resource

Out-of-bounds Read

Weakness Enumeration

Related Identifiers

ALSA-2023:2326
ALSA-2023:2851
ALT-PU-2022-2857
ALT-PU-2022-2872
ALT-PU-2022-2881
ALT-PU-2022-3288
BDU:2022-06362
CESA-2023_2851
CVE-2022-39283
DLA-3654-1
DLA-4053-1
GHSA-6CF9-3328-QRVH
MGASA-2022-0437
OESA-2022-2018
OPENSUSE-SU-2022_3982-1
OPENSUSE-SU-2022_3983-1
OPENSUSE-SU-2024:12515-1
RHSA-2023:2326
RHSA-2023:2851
RHSA-2023_2326
RHSA-2023_2851
SUSE-SU-2022:3982-1
SUSE-SU-2022:3983-1
SUSE-SU-2022:3984-1
USN-5734-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Freerdp
Linuxmint
Red Hat
Red Os
Suse
Ubuntu