
SUSE 2023:4611-1 Moderate: 15 freerdp DoS Fixes Available

November 29, 2023
This release addresses 15 security flaws in libjpeg for Fedora, enhancing performance and safeguarding against potential threats.

Summary

This update for freerdp fixes the following issues:

* CVE-2023-39350: Fixed incorrect offset calculation leading to DoS (bsc#1214856).
* CVE-2023-39351: Fixed Null Pointer Dereference leading to DoS in RemoteFX (bsc#1214857).
* CVE-2023-39352: Fixed Invalid offset validation leading to Out Of Bound Write (bsc#1214858).
* CVE-2023-39353: Fixed Missing offset validation leading to Out Of Bound Read (bsc#1214859).
* CVE-2023-39354: Fixed Out-Of-Bounds Read in nsc_rle_decompress_data (bsc#1214860).
* CVE-2023-39356: Fixed Missing offset validation leading to Out-of-Bounds Read in gdi_multi_opaque_rect (bsc#1214862).
* CVE-2023-40181: Fixed Integer-Underflow leading to Out-Of-Bound Read in zgfx_decompress_segment (bsc#1214863).

References

* bsc#1214856

* bsc#1214857

* bsc#1214858

* bsc#1214859

* bsc#1214860

* bsc#1214862

* bsc#1214863

* bsc#1214864

* bsc#1214866

* bsc#1214867

* bsc#1214868

* bsc#1214869

* bsc#1214870

* bsc#1214871

* bsc#1214872

Cross-References

* CVE-2023-39350

* CVE-2023-39351

* CVE-2023-39352

* CVE-2023-39353

* CVE-2023-39354

* CVE-2023-39356

* CVE-2023-40181

* CVE-2023-40186

* CVE-2023-40188

* CVE-2023-40567

* CVE-2023-40569

* CVE-2023-40574

* CVE-2023-40575

* CVE-2023-40576

* CVE-2023-40589

CVSS scores:

* CVE-2023-39350 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-39350 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-39351 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2023-39351 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Announcement ID: SUSE-SU-2023:4611-1
Rating: moderate
