FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption. Upstream patch: https://github.com/FreeRDP/FreeRDP/commit/445a5a42c500ceb80f8fa7f2c11f3682538033f3
Created freerdp tracking bugs for this issue: Affects: epel-6 [bug 1671370]
The attacker needs to either hijack the communication between a FreeRDP client and a valid server or he needs to compromise a server for the attack to be successful.
The memory corruption in update_read_bitmap_update() can be used to make the FreeRDP application crash or to execute arbitrary code in the context of the client system.
Created freerdp tracking bugs for this issue: Affects: fedora-all [bug 1684154]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:0697 https://access.redhat.com/errata/RHSA-2019:0697