Details: https://nvd.nist.gov/vuln/detail/CVE-2026-23530
The related Github advisory[1] contains an amalysis of the vulenrability, describing the issue and the root cause also. Backported the commit that implemented the solution described in the advisory. [1]: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-r4hv-852m-fq7p Signed-off-by: Gyorgy Sarvari <[email protected]> --- .../freerdp/freerdp/CVE-2026-23530.patch | 28 +++++++++++++++++++ .../recipes-support/freerdp/freerdp_2.11.7.bb | 1 + 2 files changed, 29 insertions(+) create mode 100644 meta-oe/recipes-support/freerdp/freerdp/CVE-2026-23530.patch diff --git a/meta-oe/recipes-support/freerdp/freerdp/CVE-2026-23530.patch b/meta-oe/recipes-support/freerdp/freerdp/CVE-2026-23530.patch new file mode 100644 index 0000000000..4aac13de93 --- /dev/null +++ b/meta-oe/recipes-support/freerdp/freerdp/CVE-2026-23530.patch @@ -0,0 +1,28 @@ +From 6f61d18e9707cebe9d7d64346c66da780c7094c4 Mon Sep 17 00:00:00 2001 +From: akallabeth <[email protected]> +Date: Thu, 15 Jan 2026 12:02:02 +0100 +Subject: [PATCH] fix decoder length checks + +CVE: CVE-2026-23530 +Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/1bab198a2edd0d0e6e1627d21a433151ea190500] +Signed-off-by: Gyorgy Sarvari <[email protected]> +--- + libfreerdp/codec/planar.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/libfreerdp/codec/planar.c b/libfreerdp/codec/planar.c +index fe27011e1..1cb2e22bc 100644 +--- a/libfreerdp/codec/planar.c ++++ b/libfreerdp/codec/planar.c +@@ -616,6 +616,11 @@ BOOL planar_decompress(BITMAP_PLANAR_CONTEXT* planar, const BYTE* pSrcData, UINT + WINPR_ASSERT(planar); + WINPR_ASSERT(prims); + ++ if (planar->maxWidth < nSrcWidth) ++ return FALSE; ++ if (planar->maxHeight < nSrcHeight) ++ return FALSE; ++ + if (nDstStep <= 0) + nDstStep = nDstWidth * GetBytesPerPixel(DstFormat); + diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb b/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb index 63dc177cbe..d4efcccdbd 100644 --- a/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb +++ b/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb @@ -27,6 +27,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https file://CVE-2026-22854.patch \ file://CVE-2026-22855.patch \ file://CVE-2026-22852.patch \ + file://CVE-2026-23530.patch \ "
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#124583): https://lists.openembedded.org/g/openembedded-devel/message/124583 Mute This Topic: https://lists.openembedded.org/mt/117979404/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
