File _patchinfo of Package patchinfo.42881
<patchinfo incident="42881"> <!--generated with prepare-update from request 402186--> <issue tracker="bnc" id="1256721">VUL-0: CVE-2026-22855: freerdp,freerdp2: Heap-buffer-overflow in smartcard_unpack_set_attrib_call</issue> <issue tracker="bnc" id="1256723">VUL-0: CVE-2026-22857: freerdp,freerdp2: Heap-use-after-free in irp_thread_func</issue> <issue tracker="bnc" id="1256943">VUL-0: CVE-2026-23533: freerdp,freerdp2: improper validation can lead to heap buffer overflow in `clear_decompress_residual_data`</issue> <issue tracker="bnc" id="1256945">VUL-0: CVE-2026-23732: freerdp,freerdp2: improper validation can lead to heap buffer overflow in `Glyph_Alloc`</issue> <issue tracker="bnc" id="1256946">VUL-0: CVE-2026-23883: freerdp,freerdp2: use-after-free when `update_pointer_color` and `freerdp_image_copy_from_pointer_data` fail</issue> <issue tracker="bnc" id="1256947">VUL-0: CVE-2026-23884: freerdp,freerdp2: use-after-free in `gdi_set_bounds`</issue> <issue tracker="cve" id="2026-22855"/> <issue tracker="cve" id="2026-22857"/> <issue tracker="cve" id="2026-23533"/> <issue tracker="cve" id="2026-23732"/> <issue tracker="cve" id="2026-23883"/> <issue tracker="cve" id="2026-23884"/> <category>security</category> <rating>important</rating> <packager>yfjiang</packager> <summary>Security update for freerdp</summary> <description>This update for freerdp fixes the following issues: - CVE-2026-22855: heap-buffer-overflow in smartcard_unpack_set_attrib_call (bsc#1256721). - CVE-2026-22857: heap-use-after-free in irp_thread_func (bsc#1256723). - CVE-2026-23533: improper validation can lead to heap buffer overflow in `clear_decompress_residual_data` (bsc#1256943). - CVE-2026-23732: improper validation can lead to heap buffer overflow in `Glyph_Alloc` (bsc#1256945). - CVE-2026-23883: use-after-free when `update_pointer_color` and `freerdp_image_copy_from_pointer_data` fail (bsc#1256946). - CVE-2026-23884: use-after-free in `gdi_set_bounds` (bsc#1256947). </description> </patchinfo>
