A flaw was found in rdesktop before 1.8.4. A issue in lspci_process function may lead to remote code execution.
Created rdesktop tracking bugs for this issue:
Affects: fedora-all [bug 1670427]
You need to connect to a malicious or a MITM RDP server in order to trigger this flaw. The malicious RDP server can cause a controlled buffer overflow on the client, which may result in code execution. However since the flaw can only be triggered by a specially crafted RDP server, this is why it is rated as having moderate security impact.