Updated freerdp packages fix security vulnerabilities
Publication date: 06 Apr 2026
Modification date: 06 Apr 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2026-22852, CVE-2026-22854, CVE-2026-22855, CVE-2026-22856, CVE-2026-22857, CVE-2026-22859, CVE-2026-23732, CVE-2026-23883, CVE-2026-23884, CVE-2026-24491, CVE-2026-26271, CVE-2026-26955, CVE-2026-26965, CVE-2026-31806, CVE-2026-31883, CVE-2026-31885
Description
FreeRDP has a heap-buffer-overflow in audin_process_formats.
(CVE-2026-22852)
FreeRDP has a heap-buffer-overflow in drive_process_irp_read.
(CVE-2026-22854)
FreeRDP has a heap-buffer-overflow in smartcard_unpack_set_attrib_call.
(CVE-2026-22855)
FreeRDP has a heap-use-after-free in create_irp_thread. (CVE-2026-22856)
FreeRDP has a heap-use-after-free in irp_thread_func. (CVE-2026-22857)
FreeRDP has a heap-buffer-overflow in urb_select_configuration.
(CVE-2026-22859)
FreeRDP has a heap-buffer-overflow in Glyph_Alloc. (CVE-2026-23732)
Heap-use-after-free in update_pointer_new. (CVE-2026-23883)
Heap-use-after-free in gdi_set_bounds. (CVE-2026-23884)
FreeRDP has a heap-use-after-free in video_timer. (CVE-2026-24491)
Buffer Overread in FreeRDP Icon Processing. (CVE-2026-26271)
FreeRDP has an out-of-bounds write. (CVE-2026-26955, CVE-2026-26965)
FreeRDP has a Heap Buffer Overflow in nsc_process_message() via
Unchecked SURFACE_BITS_COMMAND Bitmap Dimensions. (CVE-2026-31806)
FreeRDP has a `size_t` underflow in the ADPCM decoder that leads to a
heap-buffer-overflow write. (CVE-2026-31883)
FreeRDP has an out-of-bounds read in ADPCM decoders due to missing
predictor/step_index bounds checks. (CVE-2026-31885)
References
- https://bugs.mageia.org/show_bug.cgi?id=35141
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/F2VLQU7USVAQ733RYB7II6KGZB3FG2KW/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HAYMD62GFPCFHGN6JPLMCVJHP3SKINMW/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3QGQZQS6664TXPPYGBP7673W2JAXG4K/
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/34ABPSLQFVRGFKDSR5ZEDKG5UH6KIBCA/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22852
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22854
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22855
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22856
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22857
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22859
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23732
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23883
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23884
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24491
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26271
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26955
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26965
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31806
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31883
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31885
SRPMS
9/core
- freerdp-2.11.7-1.3.mga9