File _patchinfo of Package patchinfo.42616

<patchinfo incident="42616">
  <issue tracker="cve" id="2026-23531"/>
  <issue tracker="cve" id="2026-22859"/>
  <issue tracker="cve" id="2026-23530"/>
  <issue tracker="cve" id="2026-22852"/>
  <issue tracker="cve" id="2026-23534"/>
  <issue tracker="cve" id="2026-22856"/>
  <issue tracker="cve" id="2026-22854"/>
  <issue tracker="cve" id="2026-23532"/>
  <issue tracker="bnc" id="1256720">VUL-0: CVE-2026-22854: freerdp,freerdp2: Heap-buffer-overflow in drive_process_irp_read</issue>
  <issue tracker="bnc" id="1256944">VUL-0: CVE-2026-23534: freerdp,freerdp2: missing checks can lead to heap buffer overflow in `clear_decompress_bands_data`</issue>
  <issue tracker="bnc" id="1256718">VUL-0: CVE-2026-22852: freerdp,freerdp2: Heap-buffer-overflow in audin_process_formats</issue>
  <issue tracker="bnc" id="1256942">VUL-0: CVE-2026-23532: freerdp,freerdp2: mismatch between destination rectangle clamping and the actual copy size can lead to a heap buffer overflow in `gdi_SurfaceToSurface`</issue>
  <issue tracker="bnc" id="1256941">VUL-0: CVE-2026-23531: freerdp,freerdp2: improper validation in `clear_decompress` can lead to heap buffer overflow</issue>
  <issue tracker="bnc" id="1256940">VUL-0: CVE-2026-23530: freerdp,freerdp2: improper validation can lead to heap buffer overflow in `planar_decompress_plane_rle`</issue>
  <issue tracker="bnc" id="1256725">VUL-0: CVE-2026-22859: freerdp,freerdp2: Heap-buffer-overflow in urb_select_configuration</issue>
  <issue tracker="bnc" id="1256722">VUL-0: CVE-2026-22856: freerdp,freerdp2: Heap-use-after-free in create_irp_thread</issue>
  <packager>yfjiang</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for freerdp</summary>
  <description>This update for freerdp fixes the following issues:

- CVE-2026-22852: a malicious RDP server can trigger a heap-buffer-overflow in audin_process_formats (bsc#1256718).
- CVE-2026-22854: a server-controlled read length used to read file data into an IRP output can cause a
  heap-buffer-overflow in drive_process_irp_read (bsc#1256720).
- CVE-2026-22856: a race condition in the serial channel IRP thread tracking can cause a heap-use-after-free
  in create_irp_thread (bsc#1256722).
- CVE-2026-22859: improper bound check can lead to heap-buffer-overflow in urb_select_configuration (bsc#1256725).
- CVE-2026-23530: improper validation can lead to heap buffer overflow in `planar_decompress_plane_rle` (bsc#1256940).
- CVE-2026-23531: improper validation in `clear_decompress` can lead to heap buffer overflow (bsc#1256941).
- CVE-2026-23532: mismatch between destination rectangle clamping and the actual copy size can lead to a heap buffer
  overflow in `gdi_SurfaceToSurface` (bsc#1256942).
- CVE-2026-23534: missing checks can lead to heap buffer overflow in `clear_decompress_bands_data` (bsc#1256944).
</description>
</patchinfo>