{"id":"CVE-2020-11042","details":"In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading an attacker-defined amount of client memory (32-bit unsigned -\u003e 4GB) to an intermediate buffer. This can be used to crash the client or store information for later retrieval. This has been patched in 2.0.0.","modified":"2026-03-20T11:31:35.067411Z","published":"2020-05-07T19:15:11.673Z","related":["ALSA-2020:4647","GHSA-9jp6-5vf2-cx2q","MGASA-2020-0297"],"references":[{"type":"ADVISORY","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4379-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4382-1/"},{"type":"FIX","url":"https://github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"},{"type":"EVIDENCE","url":"https://github.com/FreeRDP/FreeRDP/issues/6010"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/freerdp/freerdp","events":[{"introduced":"0"},{"fixed":"5ab2bed8749747b8e4b2ed431fd102bc726be684"},{"fixed":"6b2bc41935e53b0034fe5948aeeab4f32e80f30f"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.0.0"}]}}],"versions":["1.0-beta1","1.0-beta2","1.0-beta3","1.0-beta4","1.0-beta5","1.0.0","1.0.1","1.1.0-beta+2013071101","1.1.0-beta1","1.1.0-beta1+android2","1.1.0-beta1+android3","1.1.0-beta1+android4","1.1.0-beta1+android5","1.1.0-beta1+ios1","1.1.0-beta1+ios2","1.1.0-beta1+ios3","1.1.0-beta1+ios4","1.2.0-beta1+android7","1.2.0-beta1+android9","2.0.0-beta1+android10","2.0.0-beta1+android11","2.0.0-rc0","2.0.0-rc1","2.0.0-rc2","2.0.0-rc3","2.0.0-rc4"],"database_specific":{"vanir_signatures":[{"signature_type":"Line","deprecated":false,"id":"CVE-2020-11042-707d3e28","target":{"file":"libfr
eerdp/core/window.c"},"source":"https://github.com/freerdp/freerdp/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["245478157580288077938691969241514640113","144995747847440394927948987958498610748","27374538333814787306478926356152992207","72880984689149188431470676440037075942","143640985412955185735086451262812126366","159128610546257402970072929139224016648","257177602020746093006188546336652873362","227252963848754794315561741810987760334","10797477995769194668121582849593184147","89381222229867756753414698960546182383","24418834961216616411511276962128611998","210095314259370799883337283356498697225","141744073931953096778815602644023320502","163415568604845025164965635016105576448","283169427131773299703586695811719715197","20928499872173637578828929195863500753","96505305098348535455499397921450666604","163683026081918108688454203231968386637"]}},{"signature_type":"Function","deprecated":false,"id":"CVE-2020-11042-c483461f","target":{"file":"libfreerdp/core/window.c","function":"update_read_icon_info"},"source":"https://github.com/freerdp/freerdp/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f","signature_version":"v1","digest":{"function_hash":"276930435688057764514499941329299433229","length":2007}}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"19.10"}]},{"events":[{"introduced":"0"},{"last_affected":"20.04"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11042.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H"}]}