CVE-2025-4478

Name: CVE-2025-4478
Description: A flaw was found in the gnome-remote-desktop used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference. Rebooting is required to recover the system.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 1105917

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| gnome-remote-desktop (PTS) | bullseye | 0.1.9-5 | vulnerable |
| | bookworm | 43.3-1 | vulnerable |
| | trixie | 48.1-1 | vulnerable |
| | sid | 48.1-2 | vulnerable |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| gnome-remote-desktop | source | (unstable) | (unfixed) | | | 1105917 |

Notes

[bookworm] - gnome-remote-desktop <no-dsa> (Minor issue)
https://bugzilla.redhat.com/show_bug.cgi?id=2365232
Related: https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/196
