rpm package
suse/freerdp&distro=SUSE Linux Enterprise Software Development Kit 12 SP5
pkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
Vulnerabilities (86)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-32661 | — | | | < 2.1.2-12.47.1 | 2.1.2-12.47.1 | Apr 23, 2024 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available. |
| CVE-2024-32660 | — | | | < 2.1.2-12.47.1 | 2.1.2-12.47.1 | Apr 23, 2024 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending invalid huge allocation size. Version 3.5.1 contains a patch for the issue. No known workarounds are available. |
| CVE-2024-32659 | — | | | < 2.1.2-12.47.1 | 2.1.2-12.47.1 | Apr 23, 2024 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version 3.5.1 contains a patch for the issue. No known workarounds are available. |
| CVE-2024-32658 | — | | | < 2.1.2-12.47.1 | 2.1.2-12.47.1 | Apr 23, 2024 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. Version 3.5.1 contains a patch for the issue. No known workarounds are available. |
| CVE-2024-32460 | — | | | < 2.1.2-12.44.1 | 2.1.2-12.44.1 | Apr 22, 2024 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using `/bpp:32` legacy `GDI` drawing path with a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workarou |
| CVE-2024-32459 | — | | | < 2.1.2-12.44.1 | 2.1.2-12.44.1 | Apr 22, 2024 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available. |
| CVE-2024-32458 | — | | | < 2.1.2-12.44.1 | 2.1.2-12.44.1 | Apr 22, 2024 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use `/gfx` or `/rfx` modes (on by defaul |
| CVE-2024-32041 | — | | | < 2.1.2-12.44.1 | 2.1.2-12.44.1 | Apr 22, 2024 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, deactivate `/gfx` (on by default, set `/ |
| CVE-2024-32040 | — | | | < 2.1.2-12.44.1 | 2.1.2-12.44.1 | Apr 22, 2024 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and have connections to servers using the `NSC` codec are vulnerable to integer underflow. Versions 3.5.0 and 2.11.6 patch the issue. As a |
| CVE-2024-32039 | — | | | < 2.1.2-12.44.1 | 2.1.2-12.44.1 | Apr 22, 2024 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` opt |
| CVE-2024-22211 | — | | | < 2.1.2-12.41.1 | 2.1.2-12.41.1 | Jan 19, 2024 | FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow. This affects FreeRDP based clients. FreeRDP based server implementations and prox |
| CVE-2023-40567 | — | | | < 2.1.2-12.38.1 | 2.1.2-12.38.1 | Aug 31, 2023 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function in which there is no offset validation. Abuse of this vulnerability may |
| CVE-2023-40569 | — | | | < 2.1.2-12.38.1 | 2.1.2-12.38.1 | Aug 31, 2023 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `progressive_decompress` function. This issue is likely down to incorrect calculations of the `nXSrc` and `nYSr |
| CVE-2023-40574 | — | | | < 2.1.2-12.38.1 | 2.1.2-12.38.1 | Aug 31, 2023 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `writePixelBGRX` function. This issue is likely down to incorrect calculations of the `nHeight` and `srcStep` v |
| CVE-2023-40576 | — | | | < 2.1.2-12.38.1 | 2.1.2-12.38.1 | Aug 31, 2023 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `RleDecompress` function. This Out-Of-Bounds Read occurs because FreeRDP processes the `pbSrcBuffer` variable wi |
| CVE-2023-40575 | — | | | < 2.1.2-12.38.1 | 2.1.2-12.38.1 | Aug 31, 2023 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_YUV444ToRGB_8u_P3AC4R_BGRX` function. This issue is likely down to insufficient data for the `pSrc` var |
| CVE-2023-40188 | — | | | < 2.1.2-12.38.1 | 2.1.2-12.38.1 | Aug 31, 2023 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_LumaToYUV444` function. This Out-Of-Bounds Read occurs because processing is done on the `in` variable |
| CVE-2023-40186 | — | | | < 2.1.2-12.38.1 | 2.1.2-12.38.1 | Aug 31, 2023 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the `gdi_CreateSurface` function. This issue affects FreeRDP based clients |
| CVE-2023-40181 | — | | | < 2.1.2-12.38.1 | 2.1.2-12.38.1 | Aug 31, 2023 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the `zgfx_decompress_segment` function. In the context of `CopyMemory`, it's possible to |
| CVE-2023-39356 | — | | | < 2.1.2-12.38.1 | 2.1.2-12.38.1 | Aug 31, 2023 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a missing offset validation may lead to an Out Of Bound Read in the function `gdi_multi_opaque_rect`. In particular there is no code to validate if the v |