vulnerability

FreeBSD: VID-a955cdb7-d089-11ea-8c6f-080027eedc6a (CVE-2020-15103): FreeRDP -- Integer overflow in RDPEGFX channel

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
3	(AV:N/AC:M/Au:S/C:N/I:N/A:P)	Jul 28, 2020	Jul 29, 2020	Dec 10, 2025

Severity

CVSS

(AV:N/AC:M/Au:S/C:N/I:N/A:P)

Published

Jul 28, 2020

Added

Jul 29, 2020

Modified

Dec 10, 2025

Description

Bernhard Miklautz reports: Integer overflow due to missing input sanitation in rdpegfx channel All FreeRDP clients are affected The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a memcpy)

Solution

freebsd-upgrade-package-freerdp

References

CVE-2020-15103
https://attackerkb.com/topics/CVE-2020-15103
CWE-680
CWE-190

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today