CVE-2022-39316

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 2.9.0

Description The issue is related to an out of bound read in the ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it, likely resulting in a crash. The vulnerability can be exploited by a remote attacker to cause a denial of service.

Recommendations For versions prior to 2.9.0, upgrade to version 2.9.0 or later to address the issue. As a temporary workaround, consider restricting access to the ZGFX decoder component until a patch is available.

Exploit

Fix

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2023:2326

ALSA-2023:2851

ALT-PU-2022-3127

ALT-PU-2022-3189

ALT-PU-2022-3199

ALT-PU-2022-3288

BDU:2022-06969

CESA-2023_2851

CVE-2022-39316

DLA-3654-1

DLA-4053-1

GHSA-5W4J-MRRH-JJRM

MGASA-2022-0447

OESA-2022-2112

OPENSUSE-SU-2023_0399-1

OPENSUSE-SU-2024:12523-1

RHSA-2023:2326

RHSA-2023:2851

RHSA-2023_2326

RHSA-2023_2851

SUSE-SU-2023:0399-1

SUSE-SU-2023:0400-1

SUSE-SU-2023_0399-1

SUSE-SU-2023_0400-1

USN-5734-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Freerdp

Linuxmint

Red Hat

Red Os

Suse

Ubuntu

CVE-2022-39316

Weakness Enumeration

Related Identifiers

Affected Products

References · 92