{"affected":[{"ecosystem_specific":{"binaries":[{"freerdp":"1.0.2-9.1","libfreerdp-1_0":"1.0.2-9.1","libfreerdp-1_0-plugins":"1.0.2-9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP1","name":"freerdp","purl":"pkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.2-9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"freerdp-devel":"1.0.2-9.1","libfreerdp-1_0":"1.0.2-9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP1","name":"freerdp","purl":"pkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.2-9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"freerdp":"1.0.2-9.1","libfreerdp-1_0":"1.0.2-9.1","libfreerdp-1_0-plugins":"1.0.2-9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 12 SP1","name":"freerdp","purl":"pkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.2-9.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update for freerdp fixes the following issues:\n\n- CVE-2013-4118: Added a NULL pointer check to fix a server crash (bsc#829013).\n- CVE-2014-0791: Integer overflow in the license_read_scope_list\n  function in libfreerdp/core/license.c in FreeRDP allowed remote RDP\n  servers to cause a denial of service (application crash) or possibly\n  have unspecified other impact via a large ScopeCount value in a Scope\n  List in a Server License Request packet. (bsc#857491)\n- CVE-2014-0250: Multiple integer overflows in client/X11/xf_graphics.c\n  in FreeRDP allowed remote attackers to have an unspecified impact via the\n  width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress\n  function, which causes an incorrect amount of memory to be\n  allocated. (bsc#880317)\n","id":"SUSE-SU-2016:2506-1","modified":"2016-10-12T09:32:34Z","published":"2016-10-12T09:32:34Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20162506-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/829013"},{"type":"REPORT","url":"https://bugzilla.suse.com/857491"},{"type":"REPORT","url":"https://bugzilla.suse.com/880317"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2013-4118"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-0250"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-0791"}],"related":["CVE-2013-4118","CVE-2014-0250","CVE-2014-0791"],"summary":"Security update for freerdp","upstream":["CVE-2013-4118","CVE-2014-0250","CVE-2014-0791"]}