{"affected":[{"ecosystem_specific":{"binaries":[{"freerdp-devel":"2.1.2-12.38.1","libfreerdp2":"2.1.2-12.38.1","libwinpr2":"2.1.2-12.38.1","winpr2-devel":"2.1.2-12.38.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP5","name":"freerdp","purl":"pkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.1.2-12.38.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"freerdp":"2.1.2-12.38.1","freerdp-proxy":"2.1.2-12.38.1","freerdp-server":"2.1.2-12.38.1","libfreerdp2":"2.1.2-12.38.1","libwinpr2":"2.1.2-12.38.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 12 SP5","name":"freerdp","purl":"pkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.1.2-12.38.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for freerdp fixes the following issues:\n\n- CVE-2023-39350: Fixed incorrect offset calculation leading to DoS (bsc#1214856).\n- CVE-2023-39351: Fixed Null Pointer Dereference leading to DoS in RemoteFX (bsc#1214857).\n- CVE-2023-39352: Fixed Invalid offset validation leading to Out Of Bound Write (bsc#1214858).\n- CVE-2023-39353: Fixed Missing offset validation leading to Out Of Bound Read (bsc#1214859).\n- CVE-2023-39354: Fixed Out-Of-Bounds Read in nsc_rle_decompress_data (bsc#1214860).\n- CVE-2023-39356: Fixed Missing offset validation leading to Out-of-Bounds Read in gdi_multi_opaque_rect (bsc#1214862).\n- CVE-2023-40181: Fixed Integer-Underflow leading to Out-Of-Bound Read in zgfx_decompress_segment (bsc#1214863).\n- CVE-2023-40186: Fixed Integer-Overflow leading to Out-Of-Bound Write Vulnerability in gdi_CreateSurface (bsc#1214864).\n- CVE-2023-40188: Fixed Out-Of-Bounds Read in general_LumaToYUV444 (bsc#1214866).\n- CVE-2023-40567: Fixed Out-Of-Bounds Write in clear_decompress_bands_data (bsc#1214867).\n- 
CVE-2023-40569: Fixed Out-Of-Bounds Write in progressive_decompress (bsc#1214868).\n- CVE-2023-40574: Fixed Out-Of-Bounds Write in general_YUV444ToRGB_8u_P3AC4R_BGRX (bsc#1214869).\n- CVE-2023-40575: Fixed Out-Of-Bounds Read in general_YUV444ToRGB_8u_P3AC4R_BGRX (bsc#1214870).\n- CVE-2023-40576: Fixed Out-Of-Bounds Read in RleDecompress (bsc#1214871).\n- CVE-2023-40589: Fixed Global-Buffer-Overflow in ncrush_decompress (bsc#1214872).\n","id":"SUSE-SU-2023:4611-1","modified":"2023-11-29T13:50:28Z","published":"2023-11-29T13:50:28Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2023/suse-su-20234611-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1214856"},{"type":"REPORT","url":"https://bugzilla.suse.com/1214857"},{"type":"REPORT","url":"https://bugzilla.suse.com/1214858"},{"type":"REPORT","url":"https://bugzilla.suse.com/1214859"},{"type":"REPORT","url":"https://bugzilla.suse.com/1214860"},{"type":"REPORT","url":"https://bugzilla.suse.com/1214862"},{"type":"REPORT","url":"https://bugzilla.suse.com/1214863"},{"type":"REPORT","url":"https://bugzilla.suse.com/1214864"},{"type":"REPORT","url":"https://bugzilla.suse.com/1214866"},{"type":"REPORT","url":"https://bugzilla.suse.com/1214867"},{"type":"REPORT","url":"https://bugzilla.suse.com/1214868"},{"type":"REPORT","url":"https://bugzilla.suse.com/1214869"},{"type":"REPORT","url":"https://bugzilla.suse.com/1214870"},{"type":"REPORT","url":"https://bugzilla.suse.com/1214871"},{"type":"REPORT","url":"https://bugzilla.suse.com/1214872"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-39350"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-39351"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-39352"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-39353"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-39354"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-39356"},{"type":"WEB","
url":"https://www.suse.com/security/cve/CVE-2023-40181"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-40186"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-40188"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-40567"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-40569"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-40574"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-40575"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-40576"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-40589"}],"related":["CVE-2023-39350","CVE-2023-39351","CVE-2023-39352","CVE-2023-39353","CVE-2023-39354","CVE-2023-39356","CVE-2023-40181","CVE-2023-40186","CVE-2023-40188","CVE-2023-40567","CVE-2023-40569","CVE-2023-40574","CVE-2023-40575","CVE-2023-40576","CVE-2023-40589"],"summary":"Security update for freerdp","upstream":["CVE-2023-39350","CVE-2023-39351","CVE-2023-39352","CVE-2023-39353","CVE-2023-39354","CVE-2023-39356","CVE-2023-40181","CVE-2023-40186","CVE-2023-40188","CVE-2023-40567","CVE-2023-40569","CVE-2023-40574","CVE-2023-40575","CVE-2023-40576","CVE-2023-40589"]}