{"affected":[{"ecosystem_specific":{"binaries":[{"freerdp-devel":"2.1.2-12.35.1","libfreerdp2":"2.1.2-12.35.1","libwinpr2":"2.1.2-12.35.1","winpr2-devel":"2.1.2-12.35.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP5","name":"freerdp","purl":"pkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.1.2-12.35.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"freerdp":"2.1.2-12.35.1","freerdp-proxy":"2.1.2-12.35.1","freerdp-server":"2.1.2-12.35.1","libfreerdp2":"2.1.2-12.35.1","libwinpr2":"2.1.2-12.35.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 12 SP5","name":"freerdp","purl":"pkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.1.2-12.35.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for freerdp fixes the following issues:\n\n- CVE-2022-39316: Fixed out-of-bounds read in zgfx decoder (bsc#1205512).\n- CVE-2022-39317: Fixed undefined behaviour in zgfx decoder (bsc#1205512).\n- CVE-2022-39320: Fixed heap buffer overflow in urbdrc channel (bsc#1205512).\n- CVE-2022-39347: Fixed missing path sanitization in drive channel (bsc#1205512).\n- CVE-2022-41877: Fixed missing input length validation in drive channel (bsc#1205512).\n","id":"SUSE-SU-2023:0400-1","modified":"2023-02-13T15:17:53Z","published":"2023-02-13T15:17:53Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2023/suse-su-20230400-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1205512"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-39316"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-39317"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-39320"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-39347"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-41877"}],"related":["CVE-2022-39316","CVE-2022-39317","CVE-2022-39320","CVE-2022-39347","CVE-2022-41877"],"summary":"Security update for freerdp","upstream":["CVE-2022-39316","CVE-2022-39317","CVE-2022-39320","CVE-2022-39347","CVE-2022-41877"]}