Bug 1205512 - (CVE-2022-39316) VUL-0: CVE-2022-39316, CVE-2022-39317, CVE-2022-39318, CVE-2022-39319, CVE-2022-39320, CVE-2022-41877, CVE-2022-39347: freerdp: Multiple client side input validation issues
(CVE-2022-39316)
VUL-0: CVE-2022-39316, CVE-2022-39317, CVE-2022-39318, CVE-2022-39319, CVE-20...
Status: NEW
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Security
Current
Other Other
: P3 - Medium : Major (vote)
: ---
Assigned To: Daike Yu
E-mail List
https://smash.suse.de/issue/348214/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-11-17 09:02 UTC by Johannes Weberhofer
Modified: 2023-01-23 08:05 UTC (History)
4 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
stoyan.manolov: needinfo? (yu.daike)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Weberhofer 2022-11-17 09:02:33 UTC
Multiple client side input validation issues
Comment 2 Alexander Bergmann 2022-12-06 16:50:21 UTC
Upstream didn't pinpoint the CVEs directly to the related commits.

https://github.com/FreeRDP/FreeRDP/issues/8494

CVE-2022-39316 - Out of bound read in zgfx decoder e865c24 ???
CVE-2022-39317 - Undefined behaviour in zgfx decoder e865c24 ???
CVE-2022-39318 - Division by zero in urbdrc channel 80adde1
CVE-2022-39319 - Missing length validation in urbdrc channel 1155582
CVE-2022-39320 - Heap buffer overflow in urbdrc channel 1155582 ????
CVE-2022-39347 - Missing path sanitation with drive channel 027424c
CVE-2022-41877 - Missing input length validation in drive channel 6655841