SB2023112971 - SUSE update for freerdp 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023112971

SB2023112971 - SUSE update for freerdp

Published: November 29, 2023

Security Bulletin ID SB2023112971
Severity
High
Patch available
YES
Number of vulnerabilities 15
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 33% Medium 60% Low 7%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 15 secuirty vulnerabilities.


1) Integer underflow (CVE-ID: CVE-2023-39350)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer underflow caused by incorrect offset calculation. A remote attacker can send specially crafted data to the affected application, trigger an integer underflow and perform a denial of service (DoS) attack.


2) NULL pointer dereference (CVE-ID: CVE-2023-39351)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the rfx_process_message_tileset() function in libfreerdp/codec/rfx.c in RemoteFX. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.


3) Out-of-bounds write (CVE-ID: CVE-2023-39352)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error in libfreerdp/gdi/gfx.c. A remote attacker can send specially crafted data to the application, trigger an out-of-bounds write and execute arbitrary code on the target system.


4) Out-of-bounds read (CVE-ID: CVE-2023-39353)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in libfreerdp/codec/rfx.c. A remote attacker can trigger an out-of-bounds read error and perform a denial of service (DoS) attack.


5) Out-of-bounds read (CVE-ID: CVE-2023-39354)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in nsc_rle_decompress_data() function in libfreerdp/codec/nsc.c. A remote user can send specially crafted data to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.


6) Out-of-bounds read (CVE-ID: CVE-2023-39356)

The vulnerability allows a remote attacker to perform denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the gdi_multi_opaque_rect() function. A remote attacker can send specially crafted packets to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.


7) Integer underflow (CVE-ID: CVE-2023-40181)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer underflow in zgfx_decompress_segment. A remote attacker can send a specially crafted request to the affected application, trigger integer underflow and cause a denial of service condition on the target system.


8) Integer overflow (CVE-ID: CVE-2023-40186)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the gdi_CreateSurface() function in libfreerdp/gdi/gfx.c. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.


9) Out-of-bounds read (CVE-ID: CVE-2023-40188)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in general_LumaToYUV444. A remote attacker can trigger an out-of-bounds read error and cause a denial of service condition on the target system.


10) Out-of-bounds write (CVE-ID: CVE-2023-40567)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in clear_decompress_bands_data. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.


11) Out-of-bounds write (CVE-ID: CVE-2023-40569)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in progressive_decompress. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.


12) Out-of-bounds write (CVE-ID: CVE-2023-40574)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in general_YUV444ToRGB_8u_P3AC4R_BGRX. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.


13) Out-of-bounds read (CVE-ID: CVE-2023-40575)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in general_YUV444ToRGB_8u_P3AC4R_BGRX. A remote attacker can trigger an out-of-bounds read error and cause a denial of service condition on the target system.


14) Out-of-bounds read (CVE-ID: CVE-2023-40576)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in RleDecompress. A remote attacker can trigger an out-of-bounds read error and cause a denial of service condition on the system.


15) Buffer overflow (CVE-ID: CVE-2023-40589)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in ncrush_decompress. A remote attacker can trigger memory corruption and cause a denial of service condition on the target system.


Remediation

Install update from vendor's website.

References