Source: freerdp3 Version: 3.5.0+dfsg1-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerabilities were published for freerdp3. CVE-2024-32658[0]: | FreeRDP is a free implementation of the Remote Desktop Protocol. | FreeRDP based clients prior to version 3.5.1 are vulnerable to out- | of-bounds read. Version 3.5.1 contains a patch for the issue. No | known workarounds are available. CVE-2024-32659[1]: | FreeRDP is a free implementation of the Remote Desktop Protocol. | FreeRDP based clients prior to version 3.5.1 are vulnerable to out- | of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version | 3.5.1 contains a patch for the issue. No known workarounds are | available. CVE-2024-32660[2]: | FreeRDP is a free implementation of the Remote Desktop Protocol. | Prior to version 3.5.1, a malicious server can crash the FreeRDP | client by sending invalid huge allocation size. Version 3.5.1 | contains a patch for the issue. No known workarounds are available. CVE-2024-32661[3]: | FreeRDP is a free implementation of the Remote Desktop Protocol. | FreeRDP based clients prior to version 3.5.1 are vulnerable to a | possible `NULL` access and crash. Version 3.5.1 contains a patch for | the issue. No known workarounds are available. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-32658 https://www.cve.org/CVERecord?id=CVE-2024-32658 [1] https://security-tracker.debian.org/tracker/CVE-2024-32659 https://www.cve.org/CVERecord?id=CVE-2024-32659 [2] https://security-tracker.debian.org/tracker/CVE-2024-32660 https://www.cve.org/CVERecord?id=CVE-2024-32660 [3] https://security-tracker.debian.org/tracker/CVE-2024-32661 https://www.cve.org/CVERecord?id=CVE-2024-32661 Regards, Salvatore