Bugzilla – Bug 1223346
VUL-0: CVE-2024-32659: freerdp: out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`
Last modified: 2024-06-26 10:33:33 UTC
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version 3.5.1 contains a patch for the issue. No known workarounds are available. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-32659 https://www.cve.org/CVERecord?id=CVE-2024-32659 https://github.com/FreeRDP/FreeRDP/commit/6430945ce003a5e24d454d8566f54aae1b6b617b https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8jgr-7r33-x87w https://oss-fuzz.com/testcase-detail/6156779722440704
Patch applies to all codestreams: - SUSE:SLE-12-SP2:Update/freerdp - SUSE:SLE-15-SP4:Update/freerdp - SUSE:SLE-15-SP6:Update/freerdp - openSUSE:Factory/freerdp
SUSE-SU-2024:1835-1: An update that solves four vulnerabilities can now be installed. Category: security (important) Bug References: 1223346, 1223347, 1223348, 1223353 CVE References: CVE-2024-32658, CVE-2024-32659, CVE-2024-32660, CVE-2024-32661 Maintenance Incident: [SUSE:Maintenance:34025](https://smelt.suse.de/incident/34025/) Sources used: SUSE Linux Enterprise Software Development Kit 12 SP5 (src): freerdp-2.1.2-12.47.1 SUSE Linux Enterprise Workstation Extension 12 12-SP5 (src): freerdp-2.1.2-12.47.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.