[oe] [meta-oe][kirkstone][PATCH 3/5] freerdp: patch CVE-2023-39353

Gyorgy Sarvari via lists.openembedded.org Tue, 20 Jan 2026 23:04:52 -0800

Details: https://nvd.nist.gov/vuln/detail/CVE-2023-39353


Pick the patch that was identified[1] by Debian as the solution.

[1]: https://security-tracker.debian.org/tracker/CVE-2023-39353
Signed-off-by: Gyorgy Sarvari <[email protected]>
---
 .../freerdp/freerdp/CVE-2023-39353.patch      | 53 +++++++++++++++++++
 .../recipes-support/freerdp/freerdp_2.6.1.bb  |  1 +
 2 files changed, 54 insertions(+)
 create mode 100644 meta-oe/recipes-support/freerdp/freerdp/CVE-2023-39353.patch

diff --git a/meta-oe/recipes-support/freerdp/freerdp/CVE-2023-39353.patch 
b/meta-oe/recipes-support/freerdp/freerdp/CVE-2023-39353.patch
new file mode 100644
index 0000000000..51ac065687
--- /dev/null
+++ b/meta-oe/recipes-support/freerdp/freerdp/CVE-2023-39353.patch
@@ -0,0 +1,53 @@
+From 944994cb41d62ea893bd8bdaf436e97f42965de0 Mon Sep 17 00:00:00 2001
+From: Armin Novak <[email protected]>
+Date: Sat, 5 Aug 2023 08:57:28 +0200
+Subject: [PATCH] check indices are within range
+
+reported by pwn2carr
+
+CVE: CVE-2023-39353
+Upstream-Status: Backport 
[https://github.com/FreeRDP/FreeRDP/commit/e204fc8be5a372626b13f66daf2abafe71dbc2dc]
+Signed-off-by: Gyorgy Sarvari <[email protected]>
+---
+ libfreerdp/codec/rfx.c | 25 ++++++++++++++++++++++++-
+ 1 file changed, 24 insertions(+), 1 deletion(-)
+
+diff --git a/libfreerdp/codec/rfx.c b/libfreerdp/codec/rfx.c
+index 8c65e7508..998a7aa56 100644
+--- a/libfreerdp/codec/rfx.c
++++ b/libfreerdp/codec/rfx.c
+@@ -932,10 +932,33 @@ static BOOL rfx_process_message_tileset(RFX_CONTEXT* 
context, RFX_MESSAGE* messa
+                       rc = FALSE;
+                       break;
+               }
+-
+               Stream_Read_UINT8(&sub, tile->quantIdxY);  /* quantIdxY (1 
byte) */
+               Stream_Read_UINT8(&sub, tile->quantIdxCb); /* quantIdxCb (1 
byte) */
+               Stream_Read_UINT8(&sub, tile->quantIdxCr); /* quantIdxCr (1 
byte) */
++              if (tile->quantIdxY >= context->numQuant)
++              {
++                      WLog_Print(context->priv->log, WLOG_ERROR,
++                                 "quantIdxY %" PRIu8 " >= numQuant %" PRIu8, 
tile->quantIdxY,
++                                 context->numQuant);
++                      rc = FALSE;
++                      break;
++              }
++              if (tile->quantIdxCb >= context->numQuant)
++              {
++                      WLog_Print(context->priv->log, WLOG_ERROR,
++                                 "quantIdxCb %" PRIu8 " >= numQuant %" PRIu8, 
tile->quantIdxCb,
++                                 context->numQuant);
++                      rc = FALSE;
++                      break;
++              }
++              if (tile->quantIdxCr >= context->numQuant)
++              {
++                      WLog_Print(context->priv->log, WLOG_ERROR,
++                                 "quantIdxCr %" PRIu8 " >= numQuant %" PRIu8, 
tile->quantIdxCr,
++                                  context->numQuant);
++                      rc = FALSE;
++                      break;
++              }
+               Stream_Read_UINT16(&sub, tile->xIdx);      /* xIdx (2 bytes) */
+               Stream_Read_UINT16(&sub, tile->yIdx);      /* yIdx (2 bytes) */
+               Stream_Read_UINT16(&sub, tile->YLen);      /* YLen (2 bytes) */
diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb 
b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb
index 052e77932e..dd944e450d 100644
--- a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb
+++ b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb
@@ -24,6 +24,7 @@ SRC_URI = 
"git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https
            file://CVE-2023-39350.patch \
            file://CVE-2023-39351.patch \
            file://CVE-2023-39352.patch \
+           file://CVE-2023-39353.patch \
            "
 
 S = "${WORKDIR}/git"

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#123686): 
https://lists.openembedded.org/g/openembedded-devel/message/123686
Mute This Topic: https://lists.openembedded.org/mt/117378239/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

[oe] [meta-oe][kirkstone][PATCH 3/5] freerdp: patch CVE-2023-39353

Reply via email to