vulnerability
Red Hat: CVE-2024-32460: freerdp: OutOfBound Read in interleaved_decompress (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Apr 22, 2024 | Nov 13, 2024 | Jul 9, 2025 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Apr 22, 2024
Added
Nov 13, 2024
Modified
Jul 9, 2025
Description
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based based clients using `/bpp:32` legacy `GDI` drawing path with a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use modern drawing paths (e.g. `/rfx` or `/gfx` options). The workaround requires server side support.
Solution(s)
no-fix-redhat-rpm-packageredhat-upgrade-freerdpredhat-upgrade-freerdp-debuginforedhat-upgrade-freerdp-debugsourceredhat-upgrade-freerdp-develredhat-upgrade-freerdp-libsredhat-upgrade-freerdp-libs-debuginforedhat-upgrade-libwinprredhat-upgrade-libwinpr-debuginforedhat-upgrade-libwinpr-devel
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.