CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2014-0250
https://notcve.org/view.php?id=CVE-2014-0250
Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allow remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress function, which causes an incorrect amount of memory to be allocated. Múltiples desbordamientos de enteros en client/x11/xf_graphics.c en FreeRDP permite a atacantes remotos tener un impacto no especificado a través de la anchura y la altura de la función (1) xf_Pointer_New o (2) xf_Bitmap_Decompress, lo que provoca que se intenten asignar cantidades incorrectas de memoria. • http://advisories.mageia.org/MGASA-2014-0287.html http://lists.opensuse.org/opensuse-updates/2014-07/msg00008.html http://seclists.org/oss-sec/2014/q2/365 http://security.gentoo.org/glsa/glsa-201412-18.xml http://www.mandriva.com/security/advisories?name=MDVSA-2015:171 http://www.securityfocus.com/bid/67670 https://bugzilla.redhat.com/show_bug.cgi?id=998934 https://github.com/FreeRDP/FreeRDP/issues/1871 https://github.com/FreeRDP/FreeRDP/pull/1874 • CWE-189: Numeric Errors •
CVSS: 6.8EPSS: 1%CPEs: 3EXPL: 0CVE-2014-0791
https://notcve.org/view.php?id=CVE-2014-0791
Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP servers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ScopeCount value in a Scope List in a Server License Request packet. Desbordamiento de entero en la función license_read_scope_list en libfreerdp/core/license.c FreeRDP hasta la versión 1.0.2 permite a servidores RDP remotos causar denegación de servicio (caída de la aplicación) o posiblemente tener otro impacto no especificado a través de un valor ScopeCount grande en un paquete Server License Request. • http://advisories.mageia.org/MGASA-2014-0287.html http://lists.opensuse.org/opensuse-updates/2014-07/msg00008.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00101.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00102.html http://openwall.com/lists/oss-security/2014/01/02/5 http://openwall.com/lists/oss-security/2014/01/03/4 http://www.mandriva.com/security/advisories?name=MDVSA-2015:171 https://bugzilla.redhat.com/show_bug.cgi?id=998941 https://g • CWE-189: Numeric Errors •