SUSE CVE-2026-26965

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, in the RLE planar decode path, planardecompressplanerle writes into pDstData at nYDst+y nDstStep + 4nXDst + nChannel without verifying that nYDst+nSrcHeight fits in the destination height or that...

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.1, the NDR array reader in RDPEAR did not perform bounds checking on the number of on-wire elements, and could write beyond the heap buffer allocated from hints, resulting in a heap buffer overflow in...

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free remote desktop protocol library and client. All FreeRDP-based clients that use the /video command-line switch may read uninitialized data, interpret it as audio/video, and display the result. Server implementations based on FreeRDP are not affected by this issue. This issue has...

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.22.0, the RDPSND async playback thread could process queued PDUs after the channel was closed and its internal state was freed, resulting in a use after free in rdpsndtreatwave. This vulnerability has been fixed i...

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfrailserverlocalmovesize dereferenced a freed xfAppWindow pointer because xfrailgetwindow returned an unprotected pointer from the railWindows hash table. This could allow the main thread to delete the wind...

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfAppUpdateWindowFromSurface read data from a freed xfAppWindow, because the RDPGFX DVC thread obtained a bare pointer via xfrailgetwindow without any lifetime protection. Meanwhile, the main thread could...

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.22.0, audinserverrecvformats freed an incorrect number of audio formats upon parse failure i + i, resulting in out-of-bounds access in audioformatsfree. This vulnerability has been fixed in version 3.22.0...

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, FastGlyph parsing relied on cbData/remaining length, and never validated against the minimum size implied by cx/cy. A malicious server could trigger a client-side global buffer overflow, resulting in a crash...

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol RDP. In versions prior to 2.7.0, NT LAN Manager NTLM authentication does not properly abort when someone provides an empty password value. This issue affects FreeRDP-based RDP Server implementations. RDP clients are not affected. The...

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurred in the gdiSurfaceToSurface path of the FreeRDP client due to a mismatch between destination rectangle clamping and the actual copy size. A malicious server can...

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol RDP. Prior to version 2.7.0, server-side authentication against a SAM file might succeed with invalid credentials if the server had configured an invalid SAM file path. Clients based on FreeRDP are not affected by this issue. However...

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The affected versions are subject to an invalid offset validation, leading to Out Of Bound Write errors. This issue can occur when the values rect-left and rect-top are exactly equal to...

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfSetWindowMinMaxInfo dereferenced a freed xfAppWindow pointer because xfrailgetwindow in xfrailserverminmaxinfo returned an unprotected pointer from the railWindows hash table. This could allow the main...

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.1, a malicious RDP server could trigger a heap-buffer-overflow write in the FreeRDP client when processing Audio Input AUDIN format lists. The audinprocessformats function reuses the callback-formatscount...

ROS-20260615-73-0014

The vulnerability of the smartcardunpackreadsizealign function libfreerdp/utils/smartcardpack.c:1703 is related to the use of the assert or similar operator in the RDP client FreeRDP. Exploiting this vulnerability may allow a remote attacker to cause the application to terminate abnormally...

ROS-20260615-73-0016

The vulnerability of the gdiSurfaceCommandClearCodec function in the RDP client FreeRDP is caused by a buffer overflow. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

ROS-20260615-73-0039

The vulnerability of the RDP client FreeRDP relates to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality and accessibility of protected information...

ROS-20260615-73-0043

The vulnerabilities of the functions kerberosAcceptSecurityContext and kerberosInitializeSecurityContextA in the FreeRDP client are related to a memory reclamation error. Exploiting these vulnerabilities could allow an attacker to compromise the accessibility of protected information...

ROS-20260615-73-0025

The vulnerabilities of the functions xfSetWindowMinMaxInfo and xfrailgetwindow in the RDP client FreeRDP are related to the use of memory after it is freed. Exploiting these vulnerabilities can allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the protecte...

ROS-20260615-73-0022

The vulnerability of the xfAppUpdateWindowFromSurface function in the RDP client FreeRDP relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...