{"api_version":"1","generated_at":"2026-04-23T09:38:14+00:00","cve":"CVE-2020-15103","urls":{"html":"https://cve.report/CVE-2020-15103","api":"https://cve.report/api/cve/CVE-2020-15103.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-15103","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-15103"},"summary":{"title":"CVE-2020-15103","description":"In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`) This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:auto","state":"PUBLIC","assigner":"security-advisories@github.com","published_at":"2020-07-27 18:15:00","updated_at":"2023-11-07 03:17:00"},"problem_types":["CWE-680"],"metrics":[],"references":[{"url":"https://usn.ubuntu.com/4481-1/","name":"USN-4481-1","refsource":"UBUNTU","tags":["Third Party Advisory"],"title":"USN-4481-1: FreeRDP vulnerabilities | Ubuntu security notices | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/FreeRDP/FreeRDP/pull/6382","name":"https://github.com/FreeRDP/FreeRDP/pull/6382","refsource":"MISC","tags":["Patch","Third Party Advisory"],"title":"FreeRDP security and version 2.2.0 release by bmiklautz · Pull Request #6382 · FreeRDP/FreeRDP · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/FreeRDP/FreeRDP/blob/616af2d5b86dc24c7b3e89870dbcffd841d9a535/ChangeLog#L4","name":"https://github.com/FreeRDP/FreeRDP/blob/616af2d5b86dc24c7b3e89870dbcffd841d9a535/ChangeLog#L4","refsource":"MISC","tags":["Release Notes","Third Party Advisory"],"title":"FreeRDP/ChangeLog at 616af2d5b86dc24c7b3e89870dbcffd841d9a535 · FreeRDP/FreeRDP · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/","name":"FEDORA-2020-8d5f86e29a","refsource":"FEDORA","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] Fedora 32 Update: freerdp-2.2.0-1.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/","name":"FEDORA-2020-8d5f86e29a","refsource":"","tags":[],"title":"[SECURITY] Fedora 32 Update: freerdp-2.2.0-1.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/","name":"FEDORA-2020-a3432485db","refsource":"FEDORA","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] Fedora 31 Update: freerdp-2.2.0-1.fc31 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00010.html","name":"openSUSE-SU-2020:1332","refsource":"SUSE","tags":["Mailing List","Third Party Advisory"],"title":"[security-announce] openSUSE-SU-2020:1332-1: moderate: Security update f","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html","name":"[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3606-1] freerdp2 security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/","name":"FEDORA-2020-a3432485db","refsource":"","tags":[],"title":"[SECURITY] Fedora 31 Update: freerdp-2.2.0-1.fc31 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4r38-6hq7-j3j9","name":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4r38-6hq7-j3j9","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"Integer overflow in RDPEGFX channel · Advisory · FreeRDP/FreeRDP · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-15103","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15103","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"15103","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"18.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"esm","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"15103","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"18.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"15103","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"20.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"15103","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"18.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"15103","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"20.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"15103","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"15103","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"31","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"15103","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"32","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"15103","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"31","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"15103","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"32","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"15103","vulnerable":"1","versionEndIncluding":"2.1.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"freerdp","cpe5":"freerdp","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"15103","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"leap","cpe6":"15.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"15103","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"leap","cpe6":"15.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-15103","qid":"159221","title":"Oracle Enterprise Linux Security Update for freerdp (ELSA-2021-1849)"},{"cve":"CVE-2020-15103","qid":"239295","title":"Red Hat Update for freerdp (RHSA-2021:1849)"},{"cve":"CVE-2020-15103","qid":"500966","title":"Alpine Linux Security Update for freerdp"},{"cve":"CVE-2020-15103","qid":"6000137","title":"Debian Security Update for freerdp2 (DLA 3606-1)"},{"cve":"CVE-2020-15103","qid":"671555","title":"EulerOS Security Update for freerdp (EulerOS-SA-2022-1564)"},{"cve":"CVE-2020-15103","qid":"690484","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for freerdp (a955cdb7-d089-11ea-8c6f-080027eedc6a)"},{"cve":"CVE-2020-15103","qid":"750634","title":"OpenSUSE Security Update for freerdp (openSUSE-SU-2020:1332-1)"},{"cve":"CVE-2020-15103","qid":"940286","title":"AlmaLinux Security Update for freerdp (ALSA-2021:1849)"},{"cve":"CVE-2020-15103","qid":"960882","title":"Rocky Linux Security Update for freerdp (RLSA-2021:1849)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security-advisories@github.com","ID":"CVE-2020-15103","STATE":"PUBLIC","TITLE":"Integer Overflow in FreeRDP"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"FreeRDP","version":{"version_data":[{"version_value":"<= 2.1.2"}]}}]},"vendor_name":"FreeRDP"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`) This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:auto"}]},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":3.5,"baseSeverity":"LOW","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-680: Integer Overflow to Buffer Overflow"}]}]},"references":{"reference_data":[{"name":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4r38-6hq7-j3j9","refsource":"CONFIRM","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4r38-6hq7-j3j9"},{"name":"https://github.com/FreeRDP/FreeRDP/blob/616af2d5b86dc24c7b3e89870dbcffd841d9a535/ChangeLog#L4","refsource":"MISC","url":"https://github.com/FreeRDP/FreeRDP/blob/616af2d5b86dc24c7b3e89870dbcffd841d9a535/ChangeLog#L4"},{"name":"https://github.com/FreeRDP/FreeRDP/pull/6382","refsource":"MISC","url":"https://github.com/FreeRDP/FreeRDP/pull/6382"},{"refsource":"FEDORA","name":"FEDORA-2020-8d5f86e29a","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/"},{"refsource":"FEDORA","name":"FEDORA-2020-a3432485db","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/"},{"refsource":"SUSE","name":"openSUSE-SU-2020:1332","url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00010.html"},{"refsource":"UBUNTU","name":"USN-4481-1","url":"https://usn.ubuntu.com/4481-1/"},{"refsource":"MLIST","name":"[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update","url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"}]},"source":{"advisory":"GHSA-4r38-6hq7-j3j9","discovery":"UNKNOWN"}},"nvd":{"publishedDate":"2020-07-27 18:15:00","lastModifiedDate":"2023-11-07 03:17:00","problem_types":["CWE-680"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW","baseScore":3.5,"baseSeverity":"LOW"},"exploitabilityScore":2.1,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":3.5},"severity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*","versionEndIncluding":"2.1.2","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"15103","Ordinal":"176482","Title":"CVE-2020-15103","CVE":"CVE-2020-15103","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"15103","Ordinal":"1","NoteData":"In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`) This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:auto","Type":"Description","Title":null},{"CveYear":"2020","CveId":"15103","Ordinal":"2","NoteData":"2020-07-27","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"15103","Ordinal":"3","NoteData":"2020-09-08","Type":"Other","Title":"Modified"}]}}}