Remote Desktop Protocol client
Go to file
RHEL Packaging Agent 5dd7f31d75 Fix incorrect bounds checks in planar codec (CVE-2026-45700)
Backport upstream commit 4a065a941 to fix CVE-2026-45700 in
freerdp 2.11.7. The patch corrects incorrect bounds checks in the
planar codec's RLE decompression path where nDstStep was used
instead of nTempStep, both in the bounds check condition and the
corresponding error message in planar_decompress().

CVE: CVE-2026-45700
Upstream patches:
 - 4a065a941a.patch
Resolves: RHEL-186983

This commit was backported by Ymir, a Red Hat Enterprise Linux software maintenance AI agent.

Assisted-by: Ymir
2026-06-30 14:55:53 +02:00
.gitignore Import rpm: c8s 2023-02-27 13:01:53 -05:00
allocations-fix-growth-of-preallocated-buffers.patch Backport several CVE fixes 2026-04-29 17:26:10 +02:00
cache-bitmap-initialize-overallocated-bitmap-cache-extra-slot.patch Backport several CVE fixes 2026-04-29 17:26:10 +02:00
cache-bitmap-overallocate-bitmap-cache.patch Backport several CVE fixes 2026-04-29 17:26:10 +02:00
cache-offscreen-invalidate-bitmap-before-free.patch Backport several CVE fixes 2026-01-28 10:18:17 +01:00
channel-rdpsnd-only-clean-up-thread-before-free.patch Backport several CVE fixes 2026-03-29 05:41:30 +02:00
channels-ainput-lock-context-when-updating-listener.patch Backport several CVE fixes 2026-03-29 05:41:30 +02:00
channels-audin-free-up-old-audio-formats.patch Backport several CVE fixes 2026-03-29 05:41:30 +02:00
channels-audin-reset-audin-format.patch Backport several CVE fixes 2026-03-29 05:41:30 +02:00
channels-drdynvc-reset-channel_callback-before-close.patch Backport several CVE fixes 2026-03-29 05:41:30 +02:00
channels-drive-fix-constant-type.patch Backport several CVE fixes 2026-03-29 05:41:30 +02:00
channels-rdpsnd-terminate-thread-before-free.patch Backport several CVE fixes 2026-03-29 05:41:30 +02:00
channels-serial-explicitly-lock-serial-IrpThreads.patch Backport several CVE fixes 2026-03-29 05:41:30 +02:00
channels-serial-lock-list-dictionary.patch Backport several CVE fixes 2026-03-29 05:41:30 +02:00
channels-urbdrc-cancel-all-usb-transfers-on-channel-.patch Backport several CVE fixes 2026-03-29 05:41:30 +02:00
channels-urbdrc-check-interface-indices-before-use.patch Backport several CVE fixes 2026-02-17 16:03:30 +01:00
channels-urbdrc-do-not-free-MsConfig-on-failure.patch Backport several CVE fixes 2026-03-29 05:41:30 +02:00
channels-urbdrc-ensure-InterfaceNumber-is-within-ran.patch Backport several CVE fixes 2026-03-29 05:41:30 +02:00
channels-video-fix-wrong-cast.patch Backport several CVE fixes 2026-03-29 05:41:30 +02:00
channels-video-unify-error-handling.patch Backport several CVE fixes 2026-03-29 05:41:30 +02:00
client-x11-fix-deadlock-on-output-expose.patch Lock appWindow to fix use-after-free in RAIL mode (CVE-2026-25952) 2026-05-05 08:42:23 +00:00
client-x11-fix-double-free-in-case-of-invalid-pointe.patch Backport several CVE fixes 2026-01-28 10:18:17 +01:00
client-x11-fix-xf_rail_window_common-cleanup.patch Backport several CVE fixes 2026-04-29 17:26:10 +02:00
client-x11-improve-rails-window-locking.patch Lock appWindow to fix use-after-free in RAIL mode (CVE-2026-25952) 2026-05-05 08:42:23 +00:00
client-x11-lock-appwindow.patch Lock appWindow to fix use-after-free in RAIL mode (CVE-2026-25952) 2026-05-05 08:42:23 +00:00
client-x11-refactor-locking.patch Lock appWindow to fix use-after-free in RAIL mode (CVE-2026-25952) 2026-05-05 08:42:23 +00:00
codec-clear-check-clear_decomress-glyphData.patch Backport several CVE fixes 2026-01-28 10:18:17 +01:00
codec-clear-fix-clear_resize_buffer-checks.patch Backport several CVE fixes 2026-01-28 10:18:17 +01:00
codec-clear-fix-destination-checks.patch Backport several CVE fixes 2026-03-25 08:59:29 +01:00
codec-clear-fix-off-by-one-length-check.patch Backport several CVE fixes 2026-01-28 10:18:17 +01:00
codec-clear-update-clear_glyph_entry-count-after-alloc.patch Backport several CVE fixes 2026-04-29 17:26:10 +02:00
codec-clear-update-CLEAR_VBAR_ENTRY-size-after-alloc.patch Backport several CVE fixes 2026-04-14 10:37:36 +02:00
codec-color-add-freerdp_glyph_convert_ex.patch Backport several CVE fixes 2026-03-29 05:41:30 +02:00
codec-dsp-add-format-checks.patch Backport several CVE fixes 2026-04-29 17:26:10 +02:00
codec-dsp-fix-array-bounds-checks.patch Backport several CVE fixes 2026-04-29 17:26:10 +02:00
codec-nsc-fix-use-of-nsc_process_message.patch Fix use of nsc_process_message 2026-03-31 07:34:47 +02:00
codec-nsc-limit-copy-area-in-nsc_process_message.patch Backport several CVE fixes 2026-03-29 05:41:30 +02:00
codec-planar-fix-bounds-checks.patch Fix incorrect bounds checks in planar codec (CVE-2026-45700) 2026-06-30 14:55:53 +02:00
codec-planar-fix-decoder-length-checks.patch Backport several CVE fixes 2026-01-28 10:18:17 +01:00
codec-planar-fix-missing-destination-bounds-checks.patch Backport several CVE fixes 2026-03-25 08:59:29 +01:00
codec-progressive-fail-progressive_rfx_quant_sub-on-invalid-values.patch Backport several CVE fixes 2026-04-14 10:37:36 +02:00
codec-progressive-fix-underflow-guard-in-progressive_rfx_quant_sub.patch Backport several CVE fixes 2026-04-14 10:37:36 +02:00
core-info-fix-missing-NULL-check.patch Backport several CVE fixes 2026-03-29 05:41:30 +02:00
crypto-base64-ensure-char-is-singend.patch Backport several CVE fixes 2026-02-17 16:03:30 +01:00
freerdp.spec Fix incorrect bounds checks in planar codec (CVE-2026-45700) 2026-06-30 14:55:53 +02:00
gating.yaml Bring gating.yaml over from Brew dist-git 2023-03-10 10:37:48 -08:00
gdi-gfx-properly-clamp-SurfaceToSurface.patch Backport several CVE fixes 2026-01-28 10:18:17 +01:00
gdi-graphics-Use-freerdp_glyph_convert_ex.patch Backport several CVE fixes 2026-03-29 05:41:30 +02:00
Revert-Moved-clipboard-utils-to-core-library-fixes-6.patch Update to 2.11.7 2024-10-02 10:53:47 +02:00
rpminspect.yaml Bring rpminspect.yaml over from Brew dist-git 2023-03-10 10:37:48 -08:00
sources Update to 2.11.7 2024-10-02 10:53:47 +02:00
utils-smartcard-add-length-validity-checks.patch Backport several CVE fixes 2026-02-17 16:03:30 +01:00