13 matches found
Security update for freerdp
This update for freerdp fixes the following issues: CVE-2026-25941: Out-of-Bounds Read in client RDPGFX channel via crafted WIRETOSURFACE2 PDU bsc1258919. CVE-2026-25942: Global-buffer-overflow in xfrailserverexecuteresult bsc1258920. CVE-2026-25952: Heap-use-after-free in xfSetWindowMinMaxInfo...
Security update for freerdp
This update for freerdp fixes the following issues: CVE-2026-25941: Out-of-Bounds Read in client RDPGFX channel via crafted WIRETOSURFACE2 PDU bsc1258919. CVE-2026-25942: Global-buffer-overflow in xfrailserverexecuteresult bsc1258920. CVE-2026-25952: Heap-use-after-free in xfSetWindowMinMaxInfo...
SUSE CVE-2026-26986
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, railwindowfree dereferences a freed xfAppWindow pointer during HashTableFree cleanup because xfrailwindowcommon calls freeappWindow on title allocation failure without first removing the entry from the...
CVE-2026-26986
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, railwindowfree dereferences a freed xfAppWindow pointer during HashTableFree cleanup because xfrailwindowcommon calls freeappWindow on title allocation failure without first removing the entry from the...
CVE-2026-26986
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, railwindowfree dereferences a freed xfAppWindow pointer during HashTableFree cleanup because xfrailwindowcommon calls freeappWindow on title allocation failure without first removing the entry from the...
CVE-2026-25952
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfSetWindowMinMaxInfo dereferences a freed xfAppWindow pointer because xfrailgetwindow in xfrailserverminmaxinfo returns an unprotected pointer from the railWindows hash table, and the main thread can...
UBUNTU-CVE-2026-25954
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfrailserverlocalmovesize dereferences a freed xfAppWindow pointer because xfrailgetwindow returns an unprotected pointer from the railWindows hash table, and the main thread can concurrently delete the wind...
CVE-2026-26986
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, railwindowfree dereferences a freed xfAppWindow pointer during HashTableFree cleanup because xfrailwindowcommon calls freeappWindow on title allocation failure without first removing the entry from the...
CVE-2026-26986 FreeRDP has heap-use-after-free in rail_window_free
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, railwindowfree dereferences a freed xfAppWindow pointer during HashTableFree cleanup because xfrailwindowcommon calls freeappWindow on title allocation failure without first removing the entry from the...
CVE-2026-26986 FreeRDP has heap-use-after-free in rail_window_free
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, railwindowfree dereferences a freed xfAppWindow pointer during HashTableFree cleanup because xfrailwindowcommon calls freeappWindow on title allocation failure without first removing the entry from the...
CVE-2026-26986
CVE-2026-26986 affects FreeRDP prior to version 3.23.0. The root cause is a use-after-free: during HashTable_Free cleanup, xf_rail_window_common frees appWindow without first removing the corresponding entry from the railWindows hash table, leaving a dangling pointer that is freed again on discon...
CVE-2026-26986
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, railwindowfree dereferences a freed xfAppWindow pointer during HashTableFree cleanup because xfrailwindowcommon calls freeappWindow on title allocation failure without first removing the entry from the...
PT-2026-22020
Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.23.0 Description FreeRDP is a free implementation of the Remote Desktop Protocol. A flaw exists where the rail window free function dereferences a freed xfAppWindow pointer during HashTable Free cleanup. This occurs...