{"id":"CVE-2020-4031","details":"In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2.","modified":"2026-04-16T04:39:55.609114973Z","published":"2020-06-22T22:15:13.163Z","related":["GHSA-gwcq-hpq2-m74g","SUSE-SU-2020:2032-1","SUSE-SU-2020:2068-1","SUSE-SU-2020:2272-1","openSUSE-SU-2020:1090-1","openSUSE-SU-2024:10768-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4481-1/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html"},{"type":"ADVISORY","url":"http://www.freerdp.com/2020/06/22/2_1_2-released"},{"type":"ADVISORY","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gwcq-hpq2-m74g"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"},{"type":"FIX","url":"https://github.com/FreeRDP/FreeRDP/commit/6d86e20e1e7caaab4f0c7f89e36d32914dbccc52"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/freerdp/freerdp","events":[{"introduced":"0"},{"fixed":"584efae073386e8c5f6bc265b05c87d508a9bcbc"},{"fixed":"6d86e20e1e7caaab4f0c7f89e36d32914dbccc52"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.1.2"}]}}],"versions":["1.0-beta1","1.0-beta2","1.0-beta4","1.0-beta5","1.0.0","1.0.1","1.1.0-beta+2013071101","1.1.0-beta1","1.1.0-beta1+android2","1.1.0-beta1+android3","1.1.0-beta1+android4","1.1.0-beta1+android5","1.1.0-beta1+ios1","1.1.0-beta1+ios2","1.1.0-beta1+ios3","1.1.0-beta1+ios4","1.2.0-beta1+android7","1.2.0-beta1+android9","2.0.0","2.0.0-beta1+android10","2.0.0-beta1+android11","2.0.0-rc0","2.0.0-rc1","2.0.0-rc2","2.0.0-rc3","2.0.0-rc4","2.1.0","2.1.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-4031.json","vanir_signatures":[{"signature_type":"Line","target":{"file":"server/shadow/shadow_server.c"},"id":"CVE-2020-4031-6d8a4e80","deprecated":false,"source":"https://github.com/freerdp/freerdp/commit/6d86e20e1e7caaab4f0c7f89e36d32914dbccc52","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["206824409836018329107931826041728959867","260941141889332641186153920543010721710","244372807494333150934362210269961780669","11220332270728209492738135928567876790","109709125800227540552630846963918169160","280502749591609004556720326341572702766","272391707204034853583769809678780120114","153041246365193990729603684708156713072","297327554412935137345118440425799656686","234476187276609072557850772052902601274","320116423252867463164242454449601887554"]}},{"source":"https://github.com/freerdp/freerdp/commit/6d86e20e1e7caaab4f0c7f89e36d32914dbccc52","target":{"function":"shadow_server_start","file":"server/shadow/shadow_server.c"},"signature_type":"Function","deprecated":false,"id":"CVE-2020-4031-71f28b03","signature_version":"v1","digest":{"length":1409,"function_hash":"327365352117490775117547188598520203541"}}],"vanir_signatures_modified":"2026-04-11T16:25:23Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"31"}]},{"events":[{"introduced":"0"},{"last_affected":"32"}]},{"events":[{"introduced":"0"},{"last_affected":"15.1"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"20.04"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}