CVE-2022-39283

high

Description

FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the `/video` switch.

References

https://github.com/FreeRDP/FreeRDP/releases/tag/2.8.1

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6cf9-3328-qrvh

https://security.gentoo.org/glsa/202210-24

https://lists.fedoraproject.org/archives/list/[email protected]/message/HEWWYMGWIMD4RDCOGHWMZXUMBGZHC5NW/

https://lists.fedoraproject.org/archives/list/[email protected]/message/RLZCF7YHNC5BECDPEJNAZUYGNNM7NFME/

https://lists.fedoraproject.org/archives/list/[email protected]/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/

Details

Source: MITRE

Published: 2022-10-12

Updated: 2023-02-23

Type: CWE-125