CVE-2023-39356

Summary

CVE-2023-39356 is a vulnerability affecting FreeRDP, an open-source implementation of the Remote Desktop Protocol (RDP). The flaw, present in affected versions, involves a missing offset validation in the `gdi_multi_opaque_rect` function. This issue allows an Out-of-Bounds Read error, which may result in a crash. The vulnerability occurs due to insufficient checks on the `multi_opaque_rect->numRectangles` value, which can exceed the expected limit of 44. FreeRDP users are strongly advised to upgrade to versions 2.11.0 or 3.0.0-beta3 to address this issue. No workarounds are available.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.