Bugzilla – Bug 1223353
VUL-0: CVE-2024-32658: freerdp: out-of-bounds read in Interleaved RLE Bitmap Codec in FreeRDP based clients
Last modified: 2024-06-26 10:33:41 UTC
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. Version 3.5.1 contains a patch for the issue. No known workarounds are available. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-32658 https://www.cve.org/CVERecord?id=CVE-2024-32658 https://github.com/FreeRDP/FreeRDP/commit/1a755d898ddc028cc818d0dd9d49d5acff4c44bf https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vpv3-m3m9-4c2v https://oss-fuzz.com/testcase-detail/4852534033317888 https://oss-fuzz.com/testcase-detail/6196819496337408
SUSE-SU-2024:1835-1: An update that solves four vulnerabilities can now be installed. Category: security (important) Bug References: 1223346, 1223347, 1223348, 1223353 CVE References: CVE-2024-32658, CVE-2024-32659, CVE-2024-32660, CVE-2024-32661 Maintenance Incident: [SUSE:Maintenance:34025](https://smelt.suse.de/incident/34025/) Sources used: SUSE Linux Enterprise Software Development Kit 12 SP5 (src): freerdp-2.1.2-12.47.1 SUSE Linux Enterprise Workstation Extension 12 12-SP5 (src): freerdp-2.1.2-12.47.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SP6 resubmission already accepted, assigning back to security team.