CLSA-2026-1777663444
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2026-1777663444.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CLSA-2026-1777663444
- Upstream
- Published
- 2026-05-05T21:09:06Z
- Modified
- 2026-05-27T11:34:45.645932244Z
- Summary
- freerdp: Fix of 3 CVEs
- Details
-
- CVE-2026-33985: fix information leak in ClearCodec glyph index decode; validate nWidth*nHeight for overflow and update glyphEntry->count only after a successful realloc so subsequent reads cannot expose adjacent heap memory
- CVE-2022-39283: fix missing length check in /video channel data handler; verify the stream contains cbSample bytes before using Stream_Pointer(), preventing decode of uninitialized data past the received payload
- CVE-2022-39282: fix length handling in /parallel driver; zero-initialize the read buffer with calloc and return only the bytes actually read from the port, preventing leakage of uninitialized client memory to the server
- References
Affected packages
TuxCare:CentOS:7 / freerdp
Package
- Name
- freerdp
- Purl
- pkg:rpm/tuxcare/freerdp?distro=centos-7
TuxCare:CentOS:7 / freerdp-devel
Package
- Name
- freerdp-devel
- Purl
- pkg:rpm/tuxcare/freerdp-devel?distro=centos-7
TuxCare:CentOS:7 / freerdp-libs
Package
- Name
- freerdp-libs
- Purl
- pkg:rpm/tuxcare/freerdp-libs?distro=centos-7
TuxCare:CentOS:7 / libwinpr
Package
- Name
- libwinpr
- Purl
- pkg:rpm/tuxcare/libwinpr?distro=centos-7