CVE-2024-32660 Information

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1 a malicious server can crash the FreeRDP client by sending invalid huge allocation size. Version 3.5.1 contains a patch for the issue. No known workarounds are available.

Reference

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxv6-2cw6-m3mx https://github.com/FreeRDP/FreeRDP/commit/5e5d27cf310e4c10b854be7667bfb7a5d774eb47 https://oss-fuzz.com/testcase-detail/5559242514825216