VYPR

rpm package

opensuse/freerdp2&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/freerdp2&distro=openSUSE%20Tumbleweed

Vulnerabilities (114)

  • CVE-2024-32460 - Apr 22, 2024
    affected < 2.11.7-1.1, fixed 2.11.7-1.1

    FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using `/bpp:32` legacy `GDI` drawing path with a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workarou

  • CVE-2024-32459 - Apr 22, 2024
    affected < 2.11.7-1.1, fixed 2.11.7-1.1

    FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available.

  • CVE-2024-32458 - Apr 22, 2024
    affected < 2.11.7-1.1, fixed 2.11.7-1.1

    FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use `/gfx` or `/rfx` modes (on by defaul

  • CVE-2024-32041 - Apr 22, 2024
    affected < 2.11.7-1.1, fixed 2.11.7-1.1

    FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, deactivate `/gfx` (on by default, set `/

  • CVE-2024-32040 - Apr 22, 2024
    affected < 2.11.7-1.1, fixed 2.11.7-1.1

    FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and have connections to servers using the `NSC` codec are vulnerable to integer underflow. Versions 3.5.0 and 2.11.6 patch the issue. As a

  • CVE-2024-32039 - Apr 22, 2024
    affected < 2.11.7-1.1, fixed 2.11.7-1.1

    FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` opt

  • CVE-2024-22211 - Jan 19, 2024
    affected < 2.11.7-4.1, fixed 2.11.7-4.1

    FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow. This affects FreeRDP based clients. FreeRDP based server implementations and prox

  • CVE-2023-40567 - Aug 31, 2023
    affected < 2.11.2-3.1, fixed 2.11.2-3.1

    FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function in which there is no offset validation. Abuse of this vulnerability may

  • CVE-2023-40569 - Aug 31, 2023
    affected < 2.11.2-3.1, fixed 2.11.2-3.1

    FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `progressive_decompress` function. This issue is likely down to incorrect calculations of the `nXSrc` and `nYSr

  • CVE-2023-40574 - Aug 31, 2023
    affected < 2.11.5-1.1, fixed 2.11.5-1.1

    FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `writePixelBGRX` function. This issue is likely down to incorrect calculations of the `nHeight` and `srcStep` v

  • CVE-2023-40576 - Aug 31, 2023
    affected < 2.11.5-1.1, fixed 2.11.5-1.1

    FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `RleDecompress` function. This Out-Of-Bounds Read occurs because FreeRDP processes the `pbSrcBuffer` variable wi

  • CVE-2023-40575 - Aug 31, 2023
    affected < 2.11.5-1.1, fixed 2.11.5-1.1

    FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_YUV444ToRGB_8u_P3AC4R_BGRX` function. This issue is likely down to insufficient data for the `pSrc` var

  • CVE-2023-40188 - Aug 31, 2023
    affected < 2.11.2-3.1, fixed 2.11.2-3.1

    FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_LumaToYUV444` function. This Out-Of-Bounds Read occurs because processing is done on the `in` variable

  • CVE-2023-40186 - Aug 31, 2023
    affected < 2.11.2-3.1, fixed 2.11.2-3.1

    FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer Overflow leading to Out-Of-Bound Write Vulnerability in the `gdi_CreateSurface` function. This issue affects FreeRDP based clients

  • CVE-2023-40181 - Aug 31, 2023
    affected < 2.11.2-3.1, fixed 2.11.2-3.1

    FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the `zgfx_decompress_segment` function. In the context of `CopyMemory`, it's possible to

  • CVE-2023-39356 - Aug 31, 2023
    affected < 2.11.2-3.1, fixed 2.11.2-3.1

    FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a missing offset validation may lead to an Out Of Bound Read in the function `gdi_multi_opaque_rect`. In particular there is no code to validate if the v

  • CVE-2023-39352 - Aug 31, 2023
    affected < 2.11.2-3.1, fixed 2.11.2-3.1

    FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an invalid offset validation leading to Out Of Bound Write. This can be triggered when the values `rect->left` and `rect->top` are exactly eq

  • CVE-2023-39353 - Aug 31, 2023
    affected < 2.11.2-3.1, fixed 2.11.2-3.1

    FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to a missing offset validation leading to Out Of Bound Read. In the `libfreerdp/codec/rfx.c` file there is no offset validation in `tile->quantI

  • CVE-2023-39351 - Aug 31, 2023
    affected < 2.11.2-3.1, fixed 2.11.2-3.1

    FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are subject to a Null Pointer Dereference leading to a crash in the RemoteFX (rfx) handling. Inside the `rfx_process_message_tileset` function, the

  • CVE-2023-39354 - Aug 31, 2023
    affected < 2.11.2-3.1, fixed 2.11.2-3.1

    FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it processes `context->Planes` without
