Vulnerability Information
Vulnerability Title
Heap-use-after-free in gdi_set_bounds
Vulnerability Description
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves `gdi->drawing` pointing to freed memory, causing UAF when related update packets arrive. A malicious server can trigger a client‑side use after free, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.
CVSS Information
N/A
Vulnerability Type
Use After Free
Vulnerability Title
FreeRDP Resource Management Error Vulnerability
Vulnerability Description
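FreeRDP is an open-source implementation of the Remote Desktop Protocol (RDP) from the FreeRDP team. Versions of FreeRDP prior to 3.21.0 contain a resource management error vulnerability: after an offscreen bitmap is deleted, `gdi->drawing` still points to freed memory, and when related update packets arrive this can lead to a use after free, causing a crash and potential heap corruption.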
CVSS Information
N/A
Vulnerability Type
N/A