In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2.
Created freerdp tracking bugs for this issue:
Affects: epel-all [bug 1854873]
Affects: fedora-all [bug 1854872]
Do not run the freerdp client with the +glyph-cache and /relax-order-checks options.
In libfreerdp/core/orders.c update_recv_secondary_order(), Stream_Seek() was replaced with Stream_SafeSeek() and a length variable computed in reverse order to avoid an incorrect conversion between numeric types. This flaw affects freerdp clients only.
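The following is an added illustration of the two ideas in that fix (a bounds-checked seek in place of an unchecked one, and doing the length arithmetic in a type where a bad value cannot silently wrap). It is not FreeRDP's code: the stream type, the header layout, the sample buffers and the function names parse_orders, stream_safe_seek and naive_advance are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a byte stream with a read cursor (not FreeRDP's wStream). */
typedef struct {
    const uint8_t *buf;
    size_t len;
    size_t pos;
} stream_t;

static size_t stream_remaining(const stream_t *s) { return s->len - s->pos; }

/* Little-endian 16-bit read, refused when fewer than 2 bytes remain. */
static bool stream_read_u16(stream_t *s, uint16_t *out) {
    if (stream_remaining(s) < 2) return false;
    *out = (uint16_t)(s->buf[s->pos] | (s->buf[s->pos + 1] << 8));
    s->pos += 2;
    return true;
}

static bool stream_read_u8(stream_t *s, uint8_t *out) {
    if (stream_remaining(s) < 1) return false;
    *out = s->buf[s->pos++];
    return true;
}

/* Checked seek: the cursor may only advance, and only within the buffer.
 * This is the role a "safe seek" plays: it fails instead of moving past the end. */
static bool stream_safe_seek(stream_t *s, size_t n) {
    if (n > stream_remaining(s)) return false;
    s->pos += n;
    return true;
}

/* What an unchecked conversion does: a 16-bit field the protocol defines as signed,
 * cast through int16_t and then added to a size_t, wraps instead of failing. */
size_t naive_advance(size_t pos, uint16_t raw_len) {
    return pos + (size_t)(int16_t)raw_len;   /* 0xFFFF -> pos - 1, not an error */
}

/* Constructed header layout: 2-byte signed length, 2-byte flags, 1-byte type,
 * followed by `length` bytes of body. Returns the number of complete orders
 * parsed, or -1 as soon as a length is negative or runs past the buffer. */
#define HEADER_LEN 5

int parse_orders(const uint8_t *data, size_t len) {
    stream_t s = { data, len, 0 };
    int count = 0;

    while (stream_remaining(&s) >= HEADER_LEN) {
        uint16_t raw_len, flags;
        uint8_t type;
        if (!stream_read_u16(&s, &raw_len) || !stream_read_u16(&s, &flags) ||
            !stream_read_u8(&s, &type))
            return -1;
        (void)flags; (void)type;

        /* Widen to a signed 32-bit value before any arithmetic: a negative
         * 16-bit length stays negative here instead of wrapping in size_t. */
        int32_t body_len = (int32_t)(int16_t)raw_len;
        if (body_len < 0)
            return -1;

        /* Convert to size_t only after the sign check, and let the checked
         * seek enforce the remaining-length bound. */
        if (!stream_safe_seek(&s, (size_t)body_len))
            return -1;
        count++;
    }
    return count;
}

/* Constructed sample inputs. */
static const uint8_t SAMPLE_OK[] = {
    0x03, 0x00, 0x00, 0x00, 0x01, 0xAA, 0xBB, 0xCC,  /* length 3, 3-byte body */
    0x00, 0x00, 0x00, 0x00, 0x02                     /* length 0, empty body */
};
static const uint8_t SAMPLE_NEGATIVE[] = { 0xFF, 0xFF, 0x00, 0x00, 0x01 };             /* length -1 */
static const uint8_t SAMPLE_OVERSIZE[] = { 0x10, 0x00, 0x00, 0x00, 0x01, 0xAA, 0xBB }; /* length 16, 2-byte body */

int main(void) {
    printf("ok:        %d\n", parse_orders(SAMPLE_OK, sizeof SAMPLE_OK));              /* 2 */
    printf("negative:  %d\n", parse_orders(SAMPLE_NEGATIVE, sizeof SAMPLE_NEGATIVE));  /* -1 */
    printf("oversize:  %d\n", parse_orders(SAMPLE_OVERSIZE, sizeof SAMPLE_OVERSIZE));  /* -1 */
    printf("naive:     %zu\n", naive_advance(5, 0xFFFF));                              /* 4 */
    return 0;
}
```

The point of the ordering in parse_orders is that the sign check happens while the value is still signed and wide; converting to size_t first would turn a negative length into a huge positive one that no later comparison can recognise as bad, which is the class of defect the unchecked naive_advance demonstrates.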
This flaw does not affect versions of freerdp as shipped with any version of Red Hat Enterprise Linux as the vulnerable code was introduced in a newer version of freerdp.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):