vulnerability

Alma Linux: CVE-2023-39351: Moderate: freerdp security update (ALSA-2024-2208)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:N/A:P)	Aug 31, 2023	May 8, 2024	Mar 31, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Published

Aug 31, 2023

Added

May 8, 2024

Modified

Mar 31, 2026

Description

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are subject to a Null Pointer Dereference leading a crash in the RemoteFX (rfx) handling. Inside the `rfx_process_message_tileset` function, the program allocates tiles using `rfx_allocate_tiles` for the number of numTiles. If the initialization process of tiles is not completed for various reasons, tiles will have a NULL pointer. Which may be accessed in further processing and would cause a program crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Solutions

alma-upgrade-freerdpalma-upgrade-freerdp-develalma-upgrade-freerdp-libsalma-upgrade-libwinpralma-upgrade-libwinpr-devel

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report