CRITICAL🇵🇱 Wersja polska

CVE-2024-32039

CVSS 9.8v3.1pub. 2024-04-22upd. 2025-11-03

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default).

🤖 AI Analysis
How it works

The vulnerability is an integer overflow (CWE-190) that leads to out-of-bounds write in allocated memory buffer (CWE-787). The issue occurs in the graphics options handling path `/gfx`, which is active by default in FreeRDP clients. An attacker can send crafted data from a malicious or compromised RDP server, causing memory corruption in the client process.

Impact

An attacker can trigger arbitrary code execution (RCE) on the client machine or cause application crash, which in the worst case means complete takeover of the user system connecting through FreeRDP.

Mitigation & patch

FreeRDP should be updated to version 3.5.0 or 2.11.6. As a workaround, GFX options can be disabled by using `/bpp:32` or `/rfx` parameters when running the client, which deactivates the vulnerable code path (GFX is enabled by default).

Who is affected

FreeRDP clients based on FreeRDP versions earlier than 3.5.0 and earlier than 2.11.6, as well as Fedora packages containing vulnerable FreeRDP versions.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Fedora Project Fedora

    OS
    Fedoraproject
    383940
  • Freerdp

    APP
    Freerdp
    < 2.11.63.0.0 – 3.5.0 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2024-4577CRITICAL9.8⚠ KEVPL ✓ten sam produkt

PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit

CVE-2024-5274CRITICAL9.6⚠ KEVPL ✓ten sam produkt

Type Confusion w V8 (Google Chrome) — RCE przez spreparowaną stronę HTML

CVE-2024-4947CRITICAL9.6⚠ KEVPL ✓ten sam produkt

Type Confusion w silniku V8 Chrome — zdalne wykonanie kodu (RCE)

CVE-2024-4671CRITICAL9.6⚠ KEVPL ✓ten sam produkt

Use-after-free w Google Chrome Visuals umożliwiający ucieczkę z sandbox

CVE-2023-6345CRITICAL9.6⚠ KEVPL ✓ten sam produkt

Integer overflow w Skia w Google Chrome — sandbox escape