
Mageia 8: MGASA-2022-0447 Moderate: FreeRDP Out Of Bound Read

December 7, 2022
Critical vulnerabilities found in FreeRDP prompt an urgent security patch for Mageia. Examine the advisory for specifics on impacted releases and available resolutions.

Summary

In affected versions there is an out-of-bound read in the ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP-based client into reading out-of-bound data and trying to decode it, likely resulting in a crash. (CVE-2022-39316)
Affected versions of FreeRDP are missing a range check for the input offset index in the ZGFX decoder. A malicious server can trick a FreeRDP-based client into reading out-of-bound data and trying to decode it. (CVE-2022-39317)
Affected versions of FreeRDP are missing input validation in the 'urbdrc' channel. A malicious server can trick a FreeRDP-based client into crashing with a division by zero. (CVE-2022-39318)
Affected versions of FreeRDP are missing input length validation in the 'urbdrc' channel. A malicious server can trick a FreeRDP-based client into reading out-of-bound data and sending it back to the server. (CVE-2022-39319)
Affected versions of FreeRDP may attempt integer addition on too narrow types, which leads to allocation of a buffer too small to hold the data written. A malici...
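
Two of the bug classes named in the summary, a missing range check on an input offset and integer addition on too-narrow types, are shown below as an added example. This is not FreeRDP's code; all function names and the sample input are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers for illustration; names are not FreeRDP's API. */
/* Copy `count` bytes at `offset` of untrusted input; -1 if out of range. */
int copy_checked(const uint8_t *in, size_t in_len, size_t offset,
                 size_t count, uint8_t *out, size_t out_cap)
{
    if (offset > in_len)            /* range check on the input offset */
        return -1;
    if (count > in_len - offset)    /* avoids wrap of offset + count */
        return -1;
    if (count > out_cap)            /* destination must hold the copy */
        return -1;
    memcpy(out, in + offset, count);
    return 0;
}

/* Narrow addition: the sum is truncated to 16 bits. */
uint16_t total_len_narrow(uint16_t a, uint16_t b)
{
    return (uint16_t)(a + b);
}

/* Widened addition with an upper bound; -1 if the sum exceeds `limit`. */
int total_len_checked(uint16_t a, uint16_t b, size_t limit, size_t *total)
{
    size_t sum = (size_t)a + (size_t)b;   /* cannot wrap in size_t */
    if (sum > limit)
        return -1;
    *total = sum;
    return 0;
}

int main(void)
{
    const uint8_t in[8] = {1, 2, 3, 4, 5, 6, 7, 8};  /* constructed input */
    uint8_t out[16];
    size_t total = 0;
    int rc = total_len_checked(0xFFF0, 0x0020, 0x20000, &total);
    printf("in range: %d\n", copy_checked(in, sizeof in, 2, 4, out, sizeof out));
    printf("past end: %d\n", copy_checked(in, sizeof in, 6, 4, out, sizeof out));
    printf("narrow:   %u\n", (unsigned)total_len_narrow(0xFFF0, 0x0020));
    printf("checked:  %d (%zu)\n", rc, total);
    return 0;
}
```

A buffer sized from the narrow sum would be 16 bytes for 65552 bytes of data, which is why the widened, bounded sum is the value to allocate from.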


References

- https://bugs.mageia.org/show_bug.cgi?id=31173

- https://ubuntu.com/security/notices/USN-5734-1

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5w4j-mrrh-jjrm

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-99cm-4gw7-c8jh

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-387j-8j96-7q35

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mvxm-wfj2-5fvh

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qfq2-82qr-7f4j

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c5xq-8v35-pffg

- https://www.cve.org/CVERecord?id=CVE-2022-39316

- https://www.cve.org/CVERecord?id=CVE-2022-39317

- https://www.cve.org/CVERecord?id=CVE-2022-39318

- https://www.cve.org/CVERecord?id=CVE-2022-39319

- https://www.cve.org/CVERecord?id=CVE-2022-39320

- https://www.cve.org/CVERecord?id=CVE-2022-39347

Resolution

SRPMS

- 8/core/freerdp-2.2.0-1.4.mga8

Publication date: 06 Dec 2022
URL: https://advisories.mageia.org/MGASA-2022-0447.html
Type: security
CVE: CVE-2022-39316, CVE-2022-39317, CVE-2022-39318, CVE-2022-39319, CVE-2022-39320, CVE-2022-39347
