{"id":"CLSA-2026-1777663444","summary":"freerdp: Fix of 3 CVEs","details":"- CVE-2026-33985: fix information leak in ClearCodec glyph index decode;\n  validate nWidth*nHeight for overflow and update glyphEntry-\u003ecount only\n  after a successful realloc so subsequent reads cannot expose adjacent\n  heap memory\n- CVE-2022-39283: fix missing length check in /video channel data handler;\n  verify the stream contains cbSample bytes before using Stream_Pointer(),\n  preventing decode of uninitialized data past the received payload\n- CVE-2022-39282: fix length handling in /parallel driver; zero-initialize\n  the read buffer with calloc and return only the bytes actually read from\n  the port, preventing leakage of uninitialized client memory to the server","modified":"2026-05-27T11:34:45.645932244Z","published":"2026-05-05T21:09:06Z","upstream":["CVE-2022-39282","CVE-2022-39283","CVE-2026-33985"],"references":[{"type":"ADVISORY","url":"https://errata.tuxcare.com/els_os/centos7els/CLSA-2026-1777663444.html"}],"affected":[{"package":{"name":"freerdp","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/freerdp?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.1-5.el7_9.tuxcare.els20"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2026-1777663444.json"}},{"package":{"name":"freerdp-devel","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/freerdp-devel?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.1-5.el7_9.tuxcare.els20"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2026-1777663444.json"}},{"package":{"name":"freerdp-libs","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/freerdp-libs?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.1-5.el7_9.tuxcare.els20"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2026-1777663444.json"}},{"package":{"name":"libwinpr","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/libwinpr?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.1-5.el7_9.tuxcare.els20"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2026-1777663444.json"}},{"package":{"name":"libwinpr-devel","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/libwinpr-devel?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.1-5.el7_9.tuxcare.els20"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2026-1777663444.json"}}],"schema_version":"1.7.5"}