Vulnerability Details: CVE-2014-0250
Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allow remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress function, which causes an incorrect amount of memory to be allocated.
Products affected by CVE-2014-0250
- cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:a:freerdp:freerdp:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:freerdp:freerdp:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:freerdp:freerdp:1.0.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-0250
- 1.36%: probability of exploitation activity in the next 30 days
- ~86%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-0250
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2014-0250
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0250
- http://advisories.mageia.org/MGASA-2014-0287.html
  Mageia Advisory: MGASA-2014-0287 - Updated freerdp packages fix two vulnerabilities
- http://security.gentoo.org/glsa/glsa-201412-18.xml
  FreeRDP: User-assisted execution of arbitrary code (GLSA 201412-18) — Gentoo security
- https://bugzilla.redhat.com/show_bug.cgi?id=998934
  998934 – (CVE-2014-0250) CVE-2014-0250 freerdp: integer overflows in memory allocations in client/X11/xf_graphics.c (Vendor Advisory)
- https://github.com/FreeRDP/FreeRDP/pull/1874
  Fixes for CVE-2014-0250 by hardening · Pull Request #1874 · FreeRDP/FreeRDP · GitHub
- http://lists.opensuse.org/opensuse-updates/2014-07/msg00008.html
  openSUSE-SU-2014:0862-1: moderate: freerdp: Fixes for integer overflows
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:171
  mandriva.com
- http://www.securityfocus.com/bid/67670
  FreeRDP 'client/X11/xf_graphics.c' Multiple Integer Overflow Vulnerabilities
- https://github.com/FreeRDP/FreeRDP/issues/1871
  integer overflows in memory allocations in client/X11/xf_graphics.c · Issue #1871 · FreeRDP/FreeRDP · GitHub (Vendor Advisory)
- http://seclists.org/oss-sec/2014/q2/365
  oss-sec: freerdp: integer overflows in memory allocations in client/X11/xf_graphics.c