QID 356394
Date Published: 2023-10-19
QID 356394: Amazon Linux Security Advisory for freerdp: ALAS2-2023-2269
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license.

This issue affects clients only. Integer underflow leading to DoS (e.g. abort due to `winpr_assert` with default compilation flags). When an insufficient blocklen is provided and proper length validation is not performed, an integer underflow occurs, leading to a denial of service (DoS) vulnerability. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. (CVE-2023-39350)

Affected versions of FreeRDP are subject to a null pointer dereference leading to a crash in the RemoteFX (RFX) handling. Inside the `rfx_process_message_tileset` function, the program allocates tiles using `rfx_allocate_tiles` for the number of numtiles. If the initialization process of tiles is not completed for various reasons, tiles will have a null pointer, which may be accessed in further processing and would cause a program crash. (CVE-2023-39351)

Affected versions are subject to a missing offset validation leading to an out-of-bounds read. In the `libfreerdp/codec/rfx.c` file there is no offset validation in `tile->quantidxy`, `tile->quantidxcb`, and `tile->quantidxcr`. As a result, crafted input can lead to an out-of-bounds read access, which in turn will cause a crash.

Affected versions are subject to an out-of-bounds read in the `nsc_rle_decompress_data` function.
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
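The integer underflow described above for CVE-2023-39350, shown as an added example (not FreeRDP's code and not part of the advisory): an unsigned payload length computed from an untrusted block length, next to the validated form. The 6-byte header layout (2-byte type, 4-byte little-endian length that counts the header), the function names and the sample bytes are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BLOCK_HEADER_LEN 6u /* assumed: 2-byte type + 4-byte length */

/* Read a little-endian 32-bit value. */
static uint32_t rd_u32le(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Unchecked pattern: subtracting the header size from an untrusted length.
 * For a length below 6 the unsigned subtraction wraps to a huge value. */
uint32_t payload_len_unchecked(const uint8_t *block)
{
    uint32_t block_len = rd_u32le(block + 2);
    return block_len - BLOCK_HEADER_LEN;
}

/* Checked pattern: validate the length against the header size and the
 * bytes actually received before subtracting. Returns 0 and stores the
 * payload size in *out, or -1 for a malformed block. */
int payload_len_checked(const uint8_t *block, size_t avail, uint32_t *out)
{
    if (avail < BLOCK_HEADER_LEN)
        return -1;                    /* header itself is truncated */
    uint32_t block_len = rd_u32le(block + 2);
    if (block_len < BLOCK_HEADER_LEN)
        return -1;                    /* subtraction would underflow */
    if (block_len > avail)
        return -1;                    /* claims more data than received */
    *out = block_len - BLOCK_HEADER_LEN;
    return 0;
}

/* Constructed sample blocks (not captured traffic); type bytes are arbitrary. */
const uint8_t SAMPLE_SHORT[6] = { 0x01, 0x00, 0x02, 0x00, 0x00, 0x00 }; /* length 2 */
const uint8_t SAMPLE_OK[8] = { 0x01, 0x00, 0x08, 0x00, 0x00, 0x00, 0xAA, 0xBB };

int main(void)
{
    uint32_t n = 0;
    printf("unchecked: %u\n", (unsigned)payload_len_unchecked(SAMPLE_SHORT));
    printf("checked:   %d\n", payload_len_checked(SAMPLE_SHORT, sizeof SAMPLE_SHORT, &n));
    return 0;
}
```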
- ALAS2-2023-2269 - alas.aws.amazon.com/AL2/ALAS-2023-2269.html
CVEs related to QID 356394
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| ALAS2-2023-2269 | amazon linux 2 | | |