{"id":"CVE-2018-8786","details":"FreeRDP prior to version 2.0.0-rc4 contains an integer truncation that leads to a heap-based buffer overflow in the function update_read_bitmap_update(), resulting in memory corruption and probably even remote code execution.","modified":"2026-04-16T06:16:28.408366628Z","published":"2018-11-29T18:29:00.897Z","related":["SUSE-SU-2019:0134-1","SUSE-SU-2019:0539-1","SUSE-SU-2020:2272-1","openSUSE-SU-2019:0325-1","openSUSE-SU-2024:10768-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YVJKO2DR5EY4C4QZOP7SNNBEW2JW6FHX/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3845-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3845-2/"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/106938"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:0697"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/02/msg00015.html"},{"type":"FIX","url":"https://github.com/FreeRDP/FreeRDP/commit/445a5a42c500ceb80f8fa7f2c11f3682538033f3"},{"type":"EVIDENCE","url":"https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/freerdp/freerdp","events":[{"introduced":"0"},{"last_affected":"84f8161897534d9263ffebe43092827d40fc7ffb"},{"introduced":"0"},{"last_affected":"7a7b180277a9c04809bf07a54882d7c33eeeb9f9"},{"introduced":"0"},{"last_affected":"a4f147683db7aa99a6075aeaf7c698bc6ba84d11"},{"fixed":"445a5a42c500ceb80f8fa7f2c11f3682538033f3"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.0.0-rc1"},{"introduced":"0"},{"last_affected":"2.0.0-rc2"},{"introduced":"0"},{"last_affected":"2.0.0-rc3"}]}}],"versions":["1.0-beta1","1.0-beta2","1.0-beta4","1.0-beta5","1.0.0","1.0.1","1.1.0-beta+2013071101","1.1.0-beta1","1.1.0-beta1+android2","1.1.0-beta1+android3","1.1.0-beta1+android4","1.1.0-beta1+android5","1.1.0-b
eta1+ios1","1.1.0-beta1+ios2","1.1.0-beta1+ios3","1.1.0-beta1+ios4","1.2.0-beta1+android7","1.2.0-beta1+android9","2.0.0-beta1+android10","2.0.0-beta1+android11","2.0.0-rc0","2.0.0-rc1","2.0.0-rc2","2.0.0-rc3"],"database_specific":{"vanir_signatures_modified":"2026-04-11T11:39:55Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-8786.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.2.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.10"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"28"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]}],"vanir_signatures":[{"signature_type":"Line","source":"https://github.com/freerdp/freerdp/commit/445a5a42c500ceb80f8fa7f2c11f3682538033f3","target":{"file":"libfreerdp/core/update.c"},"id":"CVE-2018-8786-329bcc0f","digest":{"threshold":0.9,"line_hashes":["277412402092088770970227068718825036570","19949609365906676926611150519084190162","173837865023928608710399833805419044716","38405521424971384750527164843034544433","381943150044839693544949876781249402","84888265312188415829015054362422333548","64004066360059197763567408381924309212","18415665860704505989511078769674884176"]},"deprecated":false,"signature_version":"v1"},{"signature_type":"Function","source":"https://github.com/freerdp/freerdp/commit/445a5a42c500ceb80f8fa7f2c11f3682538033f3","target":{"function":"update_read_bitmap_update","file":"libfreerdp/core/update.c"},"id":"CVE-2018-8786-bd281f72",
"signature_version":"v1","deprecated":false,"digest":{"length":834,"function_hash":"257981003131345004245955199540566677553"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}