Fork me on GitHub

3.5.0 minor release

Posted by Armin Novak on April 16, 2024

FreeRDP 3.5.0 has just been released and uploaded to

https://pub.freerdp.com/releases/

A new 3.5.0 minor release for the new 3.0.0 series.

This release focus is on squashing bugs. The improved test coverage and ci builds revealed a number of previously unnoticed issues we have addressed and we also got a report from Evgeny Legerov of Kaspersky Lab identifying a number of out of bound reads in decoder components and one very nasty out of bound write.

CVE: CVE-2024-32041 [Low[ OutOfBound Read in zgfx_decompress_segment CVE-2024-32039 [Moderate] Integer overflow & OutOfBound Write in clear_decompress_residual_data CVE-2024-32040 [Low] integer underflow in nsc_rle_decode CVE-2024-32458 [Low] OutOfBound Read in planar_skip_plane_rle CVE-2024-32459 [Low] OutOfBound Read in ncrush_decompress CVE-2024-32460 [Low] OutOfBound Read in interleaved_decompress

Since there are new API functions we´ve incremented the minor version again.

See our ChangeLog for a complete list of changes https://github.com/FreeRDP/FreeRDP/blob/3.5.0/ChangeLog