FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption. Upstream patch: https://github.com/FreeRDP/FreeRDP/commit/602f4a2e14b41703b5f431de3154cd46a5750a2d
Created freerdp tracking bugs for this issue: Affects: epel-6 [bug 1671370]
Statement: This issue did not affect the versions of freerdp as shipped with Red Hat Enterprise Linux 6 and 7 as they did not include support for ZGFX data compression.