PT-2023-4673 · Freerdp+1

Pwn2Carr · Published 2023-08-09 · Updated 2024-03-28 · CVE-2023-40187

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 3.0.0-beta3
Description: The issue is a Use-After-Free in the avc420_ensure_buffer and avc444_ensure_buffer functions of the FreeRDP client. When the value of piDstSize[x] is 0, ppYUVDstData[x] is freed but the pointer is not updated, so the stale pointer can later be used after it has been freed. Exploitation of this issue could allow a remote attacker to cause a denial of service or other impact.
Recommendations: For FreeRDP versions prior to 3.0.0-beta3, upgrade to version 3.0.0-beta3 or later to address the issue. As a temporary workaround, consider restricting the use of the avc420_ensure_buffer and avc444_ensure_buffer functions until the patch is applied. Note, however, that no known workarounds exist for this vulnerability; upgrading is the recommended course of action.
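As an added illustration, not FreeRDP's code and not part of the advisory, the constructed C snippet below shows the bug class described above: a buffer-ensuring helper that frees its destination buffer when the requested size is 0 but leaves the pointer and size fields untouched, placed beside a hardened variant that resets both so no stale reference survives the call. The type and function names (dst_buffer, ensure_buffer_vulnerable, ensure_buffer_fixed, exercise_fixed, vulnerable_leaves_stale_state) are assumptions chosen for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical buffer-management helper, constructed to illustrate the
 * bug class in the advisory. It is not FreeRDP's code. */
typedef struct {
    uint8_t *data;   /* plays the role of ppYUVDstData[x] */
    size_t   size;   /* plays the role of piDstSize[x]    */
} dst_buffer;

/* Vulnerable variant: when the required size is 0 the old buffer is freed,
 * but the pointer and the recorded size are left as they were. A later
 * caller that trusts data/size dereferences freed memory (use-after-free). */
int ensure_buffer_vulnerable(dst_buffer *b, size_t required)
{
    if (required == 0) {
        free(b->data);          /* freed ...                       */
        return 0;               /* ... but b->data still points at it */
    }
    if (b->size < required) {
        uint8_t *tmp = realloc(b->data, required);
        if (!tmp) return -1;
        b->data = tmp;
        b->size = required;
    }
    return 0;
}

/* Hardened variant: every path that frees the buffer also updates the
 * pointer and the size, so no stale reference can survive the call. */
int ensure_buffer_fixed(dst_buffer *b, size_t required)
{
    if (required == 0) {
        free(b->data);
        b->data = NULL;
        b->size = 0;
        return 0;
    }
    if (b->size < required) {
        uint8_t *tmp = realloc(b->data, required);
        if (!tmp) return -1;
        b->data = tmp;
        b->size = required;
    }
    return 0;
}

/* Exercises the fixed variant through the edge case: grow, shrink to zero,
 * grow again. Returns 1 when the buffer state is consistent after every
 * step, 0 otherwise. */
int exercise_fixed(void)
{
    dst_buffer b = { NULL, 0 };
    if (ensure_buffer_fixed(&b, 64) != 0 || b.size != 64 || !b.data) return 0;
    memset(b.data, 0xAB, 64);
    if (ensure_buffer_fixed(&b, 0) != 0 || b.data != NULL || b.size != 0) return 0;
    /* The zero-size call cleared the pointer, so regrowing is safe. */
    if (ensure_buffer_fixed(&b, 128) != 0 || b.size != 128 || !b.data) return 0;
    memset(b.data, 0xCD, 128);
    free(b.data);
    return 1;
}

/* Demonstrates the defect without touching freed memory: after the
 * zero-size call the vulnerable variant still reports the old pointer and
 * a size of 64, exactly the stale state a later decode step would trust.
 * Only pointer values are compared; the freed block is never read. */
int vulnerable_leaves_stale_state(void)
{
    dst_buffer b = { NULL, 0 };
    if (ensure_buffer_vulnerable(&b, 64) != 0) return 0;
    uint8_t *before = b.data;
    ensure_buffer_vulnerable(&b, 0);
    return (b.data == before && b.size == 64) ? 1 : 0;
}
```

The defender's takeaway is the invariant the hardened version enforces: any path that releases a buffer must also invalidate the handle (pointer and length) that other code uses to reach it, so that the "size 0" edge case cannot leave a dangling reference behind.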

Exploit

Fix

Use After Free


Weakness Enumeration

Related identifiers

BDU:2023-05086
CVE-2023-40187
GHSA-PWF9-V5P9-CH4F

Affected products

Freerdp
Red Os