CVE-2023-40187

Name	CVE-2023-40187
Description	FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of the 3.x beta branch are subject to a Use-After-Free issue in the `avc420_ensure_buffer` and `avc444_ensure_buffer` functions. If the value of `piDstSize[x]` is 0, `ppYUVDstData[x]` will be freed. However, in this case `ppYUVDstData[x]` will not have been updated which leads to a Use-After-Free vulnerability. This issue has been addressed in version 3.0.0-beta3. Users of the 3.x beta releases are advised to upgrade. There are no known workarounds for this vulnerability.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
freerdp (PTS)	jessie, jessie (lts)	1.1.0~git20140921.1.440916e+dfsg1-13~deb8u3	fixed
	stretch (security)	1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4	fixed
	stretch (lts), stretch	1.1.0~git20140921.1.440916e+dfsg1-13+deb9u6	fixed
freerdp2 (PTS)	buster	2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2	fixed
	buster (security)	2.3.0+dfsg1-2+deb10u4	fixed
	bullseye	2.3.0+dfsg1-2+deb11u1	fixed
	bookworm	2.10.0+dfsg1-1	fixed
	sid, trixie	2.11.5+dfsg1-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
freerdp	source	(unstable)	(not affected)
freerdp2	source	(unstable)	(not affected)

Notes

- freerdp2 <not-affected> (Vulnerable code introduced in 3.0.0-beta1)
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-pwf9-v5p9-ch4f
Introduced by: https://github.com/FreeRDP/FreeRDP/commit/f34679397024a67ce6d568aad9ede19a8858b6f3 (3.0.0-beta1)
Fixed by: https://github.com/FreeRDP/FreeRDP/commit/ab31e8ba6ab3b4dd0183929cfb00bd5e797c402c (3.0.0-beta3)
- freerdp <not-affected> (Vulnerable code introduced in 3.0.0-beta1)