{"id":"CVE-2018-8785","details":"FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probably even a remote code execution.","modified":"2026-04-16T06:21:00.664507846Z","published":"2018-11-29T18:29:00.850Z","related":["SUSE-SU-2019:0134-1","SUSE-SU-2019:0539-1","SUSE-SU-2020:2272-1","openSUSE-SU-2019:0325-1","openSUSE-SU-2024:10768-1"],"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/106938"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3845-1/"},{"type":"FIX","url":"https://github.com/FreeRDP/FreeRDP/commit/602f4a2e14b41703b5f431de3154cd46a5750a2d"},{"type":"EVIDENCE","url":"https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/freerdp/freerdp","events":[{"introduced":"0"},{"last_affected":"84f8161897534d9263ffebe43092827d40fc7ffb"},{"introduced":"0"},{"last_affected":"7a7b180277a9c04809bf07a54882d7c33eeeb9f9"},{"introduced":"0"},{"last_affected":"a4f147683db7aa99a6075aeaf7c698bc6ba84d11"},{"fixed":"602f4a2e14b41703b5f431de3154cd46a5750a2d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.0.0-rc1"},{"introduced":"0"},{"last_affected":"2.0.0-rc2"},{"introduced":"0"},{"last_affected":"2.0.0-rc3"}]}}],"versions":["1.0-beta1","1.0-beta2","1.0-beta4","1.0-beta5","1.0.0","1.0.1","1.1.0-beta+2013071101","1.1.0-beta1","1.1.0-beta1+android2","1.1.0-beta1+android3","1.1.0-beta1+android4","1.1.0-beta1+android5","1.1.0-beta1+ios1","1.1.0-beta1+ios2","1.1.0-beta1+ios3","1.1.0-beta1+ios4","1.2.0-beta1+android7","1.2.0-beta1+android9","2.0.0-beta1+android10","2.0.0-beta1+android11","2.0.0-rc0","2.0.0-rc1","2.0.0-rc2","2.0.0-rc3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-8785.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.2.0"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.10"}]}],"vanir_signatures":[{"target":{"file":"include/freerdp/codec/zgfx.h"},"deprecated":false,"source":"https://github.com/freerdp/freerdp/commit/602f4a2e14b41703b5f431de3154cd46a5750a2d","signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["171318857615434305103868353373347401026","126879061704302225276850893636598577061","288643554774339084636302020916721372641","159575444503892091637188374424194233139","125803571012187168895245295538840102256","108301676587632000074685429447527943786","89964981123251029047856481982713146609","28465286330426044407674087024628006927","193279538454069526369357701508561593718","255025816971852424310420464121101197015","187165041423917341570922348636573559671","297328310955153656922954370780556935392","114946725377952051774154391136204482136","281565084121182456440438764274530564272","169132286192010401475866937038799914034","21022000495400926784530149428950853035","194185210989642556862374418840857631169","290394900242427724301642579796475088070","63040545597896007387126346079048702373","22947327746539632036195003880151043527","271294670260486936320213940862031675261","40276754901763998729403347250462254840","282953022741559062865115942210257831115","218481686813916003269010678079394500200","138285938561986672094772847282166150604","82154962552781615333622910154204477798"],"threshold":0.9},"id":"CVE-2018-8785-3d6dbd58"},{"target":{"file":"libfreerdp/codec/zgfx.c"},"deprecated":false,"signature_type":"Line","source":"https://github.com/freerdp/freerdp/commit/602f4a2e14b41703b5f431de3154cd46a5750a2d","signature_version":"v1","digest":{"line_hashes":["211914859406272048573373643485869386910","316350969647573345033485944242927935086","153924358498147806064550232867249625971","126773402608693904588725442629026589446","108555450789418878317743574318509310160","249444082236265128818936789362674969404","43524453607316201734781905139916788412","48704473415701958551739302285835797960","11746768229264577638097488343907716083","225093502494380624320366450649808787381","198164708002154154246585153268708514531","134026908840211233980241665155009683149","138250544759356659348855944840383257036","210485603361963462901156634949968695014","100840972518471233083017063461192225496","70288751856035211943902779333071366924","177574237666916054501961411928866636758","161221231866629027214656856789443898455","101872172283870639836839087345183776244","183004235591668635388793416221527180952","298437649471649633217563878836004963970","162385472100725117259729598207822881628","41129031060202863644482772229506692175","163544055115317878678278670022642165044","44557879043890664797803257575318115529","248742884465377031765431311570760123739","7208140483740697429081407101494720205","250513356280408871578634457956152772412","204253732601500993850061503682101931295","317842043031219052224841167671528814571","61629990090585689138645113265582666227","72487069367910799934599230940372489812","32115507658897446478508603880977138723","250190675394565693826732313645398674976","134205791729633565030808541705002392880","37932144653196509795294570565074252538","173730070127955936737766131057075985370","322911572113625092808556063360395738938","312520690869848661702533878685298524250","232327484580217803780027448402567734932","338462065946862999126197961769730097949","29450727171727428683931461226081381870","157180894746439829196264389133068891759","28817316948103371617366834546336744576"],"threshold":0.9},"id":"CVE-2018-8785-4107a888"},{"target":{"file":"libfreerdp/codec/zgfx.c","function":"zgfx_decompress_segment"},"deprecated":false,"signature_type":"Function","signature_version":"v1","source":"https://github.com/freerdp/freerdp/commit/602f4a2e14b41703b5f431de3154cd46a5750a2d","digest":{"length":2501,"function_hash":"125155827918534110536639891402660234831"},"id":"CVE-2018-8785-53557f21"},{"target":{"file":"libfreerdp/codec/zgfx.c","function":"zgfx_decompress"},"deprecated":false,"signature_type":"Function","source":"https://github.com/freerdp/freerdp/commit/602f4a2e14b41703b5f431de3154cd46a5750a2d","signature_version":"v1","digest":{"length":1342,"function_hash":"291893467602469246699847469917400173775"},"id":"CVE-2018-8785-b37ca04e"}],"vanir_signatures_modified":"2026-04-11T11:39:56Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}