{"affected":[{"ecosystem_specific":{"binaries":[{"freerdp":"2.4.0-150400.3.29.1","freerdp-devel":"2.4.0-150400.3.29.1","freerdp-proxy":"2.4.0-150400.3.29.1","freerdp-server":"2.4.0-150400.3.29.1","freerdp-wayland":"2.4.0-150400.3.29.1","libfreerdp2":"2.4.0-150400.3.29.1","libuwac0-0":"2.4.0-150400.3.29.1","libwinpr2":"2.4.0-150400.3.29.1","uwac0-0-devel":"2.4.0-150400.3.29.1","winpr2-devel":"2.4.0-150400.3.29.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP5","name":"freerdp","purl":"pkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.4.0-150400.3.29.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"freerdp":"2.4.0-150400.3.29.1","freerdp-devel":"2.4.0-150400.3.29.1","freerdp-proxy":"2.4.0-150400.3.29.1","libfreerdp2":"2.4.0-150400.3.29.1","libwinpr2":"2.4.0-150400.3.29.1","winpr2-devel":"2.4.0-150400.3.29.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15 SP5","name":"freerdp","purl":"pkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.4.0-150400.3.29.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"freerdp":"2.4.0-150400.3.29.1","freerdp-devel":"2.4.0-150400.3.29.1","freerdp-proxy":"2.4.0-150400.3.29.1","freerdp-server":"2.4.0-150400.3.29.1","freerdp-wayland":"2.4.0-150400.3.29.1","libfreerdp2":"2.4.0-150400.3.29.1","libuwac0-0":"2.4.0-150400.3.29.1","libwinpr2":"2.4.0-150400.3.29.1","uwac0-0-devel":"2.4.0-150400.3.29.1","winpr2-devel":"2.4.0-150400.3.29.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"freerdp","purl":"pkg:rpm/opensuse/freerdp&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.4.0-150400.3.29.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for freerdp fixes the following issues:\n\n- CVE-2024-32039: Fixed an 
out-of-bounds write with variables of type uint32 (bsc#1223293)\n- CVE-2024-32040: Fixed an integer underflow when using the 'NSC' codec (bsc#1223294)\n- CVE-2024-32041: Fixed an out-of-bounds read in Stream_GetRemainingLength() (bsc#1223295)\n- CVE-2024-32458: Fixed an out-of-bounds read on pSrcData[] (bsc#1223296)\n- CVE-2024-32459: Fixed an out-of-bounds read in case SrcSize is less than 4 (bsc#1223297)\n- CVE-2024-32460: Fixed an out-of-bounds read when using '/bpp:32' legacy 'GDI' drawing path (bsc#1223298)\n","id":"SUSE-SU-2024:1610-1","modified":"2024-05-10T16:36:16Z","published":"2024-05-10T16:36:16Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20241610-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1223293"},{"type":"REPORT","url":"https://bugzilla.suse.com/1223294"},{"type":"REPORT","url":"https://bugzilla.suse.com/1223295"},{"type":"REPORT","url":"https://bugzilla.suse.com/1223296"},{"type":"REPORT","url":"https://bugzilla.suse.com/1223297"},{"type":"REPORT","url":"https://bugzilla.suse.com/1223298"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-32039"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-32040"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-32041"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-32458"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-32459"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-32460"}],"related":["CVE-2024-32039","CVE-2024-32040","CVE-2024-32041","CVE-2024-32458","CVE-2024-32459","CVE-2024-32460"],"summary":"Security update for freerdp","upstream":["CVE-2024-32039","CVE-2024-32040","CVE-2024-32041","CVE-2024-32458","CVE-2024-32459","CVE-2024-32460"]}