Published: 12/05/2020 Updated: 01/09/2020
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 2.2 | Impact Score: 1.4 | Exploitability Score: 0.7
CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P

Vulnerability Summary

In FreeRDP after 1.1 and prior to 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in 2.0.0.

Vendor Advisories

Several security issues were fixed in FreeRDP ...
