rdesktop CVE Vulnerabilities & Metrics

Focus on rdesktop vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About rdesktop Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with rdesktop. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.


Global CVE Overview

Total rdesktop CVEs: 20
Earliest CVE date: 12 May 2008, 16:20 UTC
Latest CVE date: 30 Oct 2019, 16:15 UTC

Latest CVE reference: CVE-2019-15682

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%


CVSS Stats

Average CVSS: 6.55

Max CVSS: 9.3

Critical CVEs (≥9): 3

CVSS Range vs. Count

Range Count
0.0-3.9 0
4.0-6.9 11
7.0-8.9 10
9.0-10.0 3


Top 5 Highest CVSS rdesktop CVEs

These are the five CVEs with the highest CVSS scores for rdesktop, sorted first by severity and then by recency.

All CVEs for rdesktop

CVE-2019-15682 rdesktop vulnerability CVSS: 5.0 30 Oct 2019, 16:15 UTC

RDesktop version 1.8.4 contains multiple out-of-bounds read vulnerabilities in its code, which result in a denial of service (DoS) condition. This attack appears to be exploitable via network connectivity. These issues have been fixed in version 1.8.5.

CVE-2018-20182 rdesktop vulnerability CVSS: 7.5 15 Mar 2019, 18:29 UTC

rdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in the function seamless_process_line() that results in memory corruption and probably even a remote code execution.

CVE-2018-20181 rdesktop vulnerability CVSS: 7.5 15 Mar 2019, 18:29 UTC

rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function seamless_process() and results in memory corruption and probably even a remote code execution.

CVE-2018-20180 rdesktop vulnerability CVSS: 7.5 15 Mar 2019, 18:29 UTC

rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function rdpsnddbg_process() and results in memory corruption and probably even a remote code execution.

CVE-2018-20179 rdesktop vulnerability CVSS: 7.5 15 Mar 2019, 18:29 UTC

rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function lspci_process() and results in memory corruption and probably even a remote code execution.

CVE-2018-20178 rdesktop vulnerability CVSS: 5.0 15 Mar 2019, 18:29 UTC

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function process_demand_active() that results in a Denial of Service (segfault).

CVE-2018-20177 rdesktop vulnerability CVSS: 7.5 15 Mar 2019, 18:29 UTC

rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution.

CVE-2018-20176 rdesktop vulnerability CVSS: 5.0 15 Mar 2019, 18:29 UTC

rdesktop versions up to and including v1.8.3 contain several Out-Of-Bounds Reads in the file secure.c that result in a Denial of Service (segfault).

CVE-2018-20175 rdesktop vulnerability CVSS: 5.0 15 Mar 2019, 18:29 UTC

rdesktop versions up to and including v1.8.3 contain several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault).

CVE-2018-20174 rdesktop vulnerability CVSS: 5.0 15 Mar 2019, 18:29 UTC

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function ui_clip_handle_data() that results in an information leak.

CVE-2018-8800 rdesktop vulnerability CVSS: 7.5 05 Feb 2019, 20:29 UTC

rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution.

CVE-2018-8799 rdesktop vulnerability CVSS: 5.0 05 Feb 2019, 20:29 UTC

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_secondary_order() that results in a Denial of Service (segfault).

CVE-2018-8798 rdesktop vulnerability CVSS: 5.0 05 Feb 2019, 20:29 UTC

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpsnd_process_ping() that results in an information leak.

CVE-2018-8797 rdesktop vulnerability CVSS: 7.5 05 Feb 2019, 20:29 UTC

rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution.

CVE-2018-8796 rdesktop vulnerability CVSS: 5.0 05 Feb 2019, 20:29 UTC

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_bitmap_updates() that results in a Denial of Service (segfault).

CVE-2018-8795 rdesktop vulnerability CVSS: 7.5 05 Feb 2019, 20:29 UTC

rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably even a remote code execution.

CVE-2018-8794 rdesktop vulnerability CVSS: 7.5 05 Feb 2019, 20:29 UTC

rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even a remote code execution.

CVE-2018-8793 rdesktop vulnerability CVSS: 7.5 05 Feb 2019, 20:29 UTC

rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function cssp_read_tsrequest() that results in a memory corruption and probably even a remote code execution.

CVE-2018-8792 rdesktop vulnerability CVSS: 5.0 05 Feb 2019, 20:29 UTC

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault).

CVE-2018-8791 rdesktop vulnerability CVSS: 5.0 05 Feb 2019, 20:29 UTC

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpdr_process() that results in an information leak.

CVE-2011-1595 rdesktop vulnerability CVSS: 4.3 24 May 2011, 23:55 UTC

Directory traversal vulnerability in the disk_create function in disk.c in rdesktop before 1.7.0, when disk redirection is enabled, allows remote RDP servers to read or overwrite arbitrary files via a .. (dot dot) in a pathname.

CVE-2008-1803 rdesktop vulnerability CVSS: 9.3 12 May 2008, 22:20 UTC

Integer signedness error in the xrealloc function (rdesktop.c) in RDesktop 1.5.0 allows remote attackers to execute arbitrary code via unknown parameters that trigger a heap-based overflow. NOTE: the role of the channel_process function was not specified by the original researcher.

CVE-2008-1801 rdesktop vulnerability CVSS: 9.3 12 May 2008, 16:20 UTC

Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Remote Desktop Protocol (RDP) request with a small length field.

CVE-2008-1802 rdesktop vulnerability CVSS: 9.3 12 May 2008, 16:20 UTC

Buffer overflow in the process_redirect_pdu (rdp.c) function in rdesktop 1.5.0 allows remote attackers to execute arbitrary code via a Remote Desktop Protocol (RDP) redirect request with modified length fields.