Bugzilla – Bug 1204257
VUL-0: CVE-2022-39283: freerdp: using the `/video` command line switch might read uninitialized data
Last modified: 2022-11-15 14:35:41 UTC
CVE-2022-39283
FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the `/video` switch.
References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39283
http://www.cvedetails.com/cve/CVE-2022-39283/
https://github.com/FreeRDP/FreeRDP/releases/tag/2.8.1
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6cf9-3328-qrvh
https://www.cve.org/CVERecord?id=CVE-2022-39283
relevant for Factory and openSUSE:Backports:SLE-15-SP*
tracking as affected:
- SUSE:SLE-12-SP2:Update/freerdp
- SUSE:SLE-15-SP2:Update/freerdp
- SUSE:SLE-15-SP4:Update/freerdp
Cleaning up GNOME CVE backlog. The fix has been submitted and accepted. Assign back to security team.
SUSE-SU-2022:3982-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 1204257,1204258
CVE References: CVE-2022-39282,CVE-2022-39283
JIRA References:
Sources used:
openSUSE Leap 15.3 (src): freerdp-2.1.2-150200.15.21.1
SUSE Linux Enterprise Workstation Extension 15-SP3 (src): freerdp-2.1.2-150200.15.21.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src): freerdp-2.1.2-150200.15.21.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:3983-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 1204257,1204258
CVE References: CVE-2022-39282,CVE-2022-39283
JIRA References:
Sources used:
openSUSE Leap 15.4 (src): freerdp-2.4.0-150400.3.9.1
SUSE Linux Enterprise Workstation Extension 15-SP4 (src): freerdp-2.4.0-150400.3.9.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (src): freerdp-2.4.0-150400.3.9.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:3984-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 1204257,1204258
CVE References: CVE-2022-39282,CVE-2022-39283
JIRA References:
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src): freerdp-2.1.2-12.29.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src): freerdp-2.1.2-12.29.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.