mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity

freerdp3: fix CVE-2026-31806

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-31806

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
Ankur Tyagi
2026-04-09 19:09:14 +12:00
committed by Anuj Mittal
parent 7025c461c7
commit 73ae0a8034
2 changed files with 37 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-31806.patch
+36
View File
@@ -0,0 +1,36 @@
From 9bf461ad116d081134adf37da9d6faa9459d1ad6 Mon Sep 17 00:00:00 2001
From: Armin Novak <armin.novak@thincast.com>
Date: Mon, 9 Mar 2026 08:11:19 +0100
Subject: [PATCH] [codec,nsc] limit copy area in nsc_process_message
the rectangle decoded might not fit into the destination buffer. Limit
width and height of the area to copy to the one fitting.
CVE: CVE-2026-31806
Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/83d9aedea278a74af3e490ff5eeb889c016dbb2b]
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
libfreerdp/codec/nsc.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/libfreerdp/codec/nsc.c b/libfreerdp/codec/nsc.c
index c2d92e48c..1cee9918d 100644
--- a/libfreerdp/codec/nsc.c
+++ b/libfreerdp/codec/nsc.c
@@ -494,7 +494,15 @@ BOOL nsc_process_message(NSC_CONTEXT* context, UINT16 bpp, UINT32 width, UINT32
return FALSE;
}
- if (!freerdp_image_copy(pDstData, DstFormat, nDstStride, nXDst, nYDst, width, height,
+ uint32_t cwidth = width;
+ if (1ull * nXDst + width > nWidth)
+ cwidth = nWidth - nXDst;
+
+ uint32_t cheight = height;
+ if (1ull * nYDst + height > nHeight)
+ cheight = nHeight - nYDst;
+
+ if (!freerdp_image_copy(pDstData, DstFormat, nDstStride, nXDst, nYDst, cwidth, cheight,
context->BitmapData, PIXEL_FORMAT_BGRA32, 0, 0, 0, NULL, flip))
return FALSE;
meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb
+1
View File
@@ -34,6 +34,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=master;protocol=https \
file://CVE-2026-29774.patch \
file://CVE-2026-29775.patch \
file://CVE-2026-29776.patch \
file://CVE-2026-31806.patch \
"
S = "${WORKDIR}/git"