Security Advisory

CVE-2021-41160

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-10-21 00:00:00

Last updated 2025-11-03 20:33:53

Assigner GitHub_M

State PUBLISHED

Description

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1.

← Browse all CVEs View on cve.org ↗