summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-31897.patch28
-rw-r--r--meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb1
2 files changed, 29 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-31897.patch b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-31897.patch
new file mode 100644
index 0000000000..2d1b338171
--- /dev/null
+++ b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-31897.patch
@@ -0,0 +1,28 @@
1From 8a03413b6b154100076bfedf6388a348189a6791 Mon Sep 17 00:00:00 2001
2From: Armin Novak <armin.novak@thincast.com>
3Date: Tue, 10 Mar 2026 09:17:23 +0100
4Subject: [PATCH] [codec,planar] add early length check to avoid oob read
5
6CVE: CVE-2026-31897
7Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/cd27c8faca0eeb0d4309cc5837dfdf3c42eba4e7]
8Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
9---
10 libfreerdp/codec/planar.c | 4 ++--
11 1 file changed, 2 insertions(+), 2 deletions(-)
12
13diff --git a/libfreerdp/codec/planar.c b/libfreerdp/codec/planar.c
14index 4b51a023e..f3e00f9e5 100644
15--- a/libfreerdp/codec/planar.c
16+++ b/libfreerdp/codec/planar.c
17@@ -720,9 +720,9 @@ BOOL planar_decompress(BITMAP_PLANAR_CONTEXT* planar, const BYTE* pSrcData, UINT
18
19 srcp = pSrcData;
20
21- if (!pSrcData)
22+ if (!pSrcData || (SrcSize < 1))
23 {
24- WLog_ERR(TAG, "Invalid argument pSrcData=NULL");
25+ WLog_ERR(TAG, "Invalid argument pSrcData=%p [size=%" PRIu32 "]", pSrcData, SrcSize);
26 return FALSE;
27 }
28
diff --git a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb
index 66cc3305e8..a45490e8f5 100644
--- a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb
+++ b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb
@@ -35,6 +35,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=master;protocol=https \
35 file://CVE-2026-29775.patch \ 35 file://CVE-2026-29775.patch \
36 file://CVE-2026-29776.patch \ 36 file://CVE-2026-29776.patch \
37 file://CVE-2026-31806.patch \ 37 file://CVE-2026-31806.patch \
38 file://CVE-2026-31897.patch \
38 " 39 "
39 40
40S = "${WORKDIR}/git" 41S = "${WORKDIR}/git"