Search CVE reports



51 – 60 of 162 results


CVE-2026-23884

Medium priority

Some fixes available 2 of 8

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves `gdi->drawing` pointing to freed memory, causing UAF when related update packets arrive. A malicious server...

3 affected packages

freerdp, freerdp2, freerdp3

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
freerdp Not in release Not in release Not in release Needs evaluation
freerdp2 Not in release Ignored Ignored Ignored Ignored
freerdp3 Not affected Fixed Not in release

CVE-2026-23883

Medium priority

Some fixes available 2 of 8

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, `xf_Pointer_New` frees `cursorPixels` on failure, then `pointer_free` calls `xf_Pointer_Free` and frees it again, triggering ASan UAF. A...

3 affected packages

freerdp, freerdp2, freerdp3

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
freerdp Not in release Not in release Not in release Needs evaluation
freerdp2 Not in release Ignored Ignored Ignored Ignored
freerdp3 Not affected Fixed Not in release

CVE-2026-23732

Medium priority

Some fixes available 2 of 8

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, FastGlyph parsing trusts `cbData`/remaining length and never validates against the minimum size implied by `cx/cy`. A malicious server can...

3 affected packages

freerdp, freerdp2, freerdp3

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
freerdp Not in release Not in release Not in release Needs evaluation
freerdp2 Not in release Ignored Ignored Ignored Ignored
freerdp3 Not affected Fixed Not in release

CVE-2026-23534

Medium priority

Some fixes available 6 of 8

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the ClearCodec bands decode path when crafted band coordinates allow writes past the end of the...

3 affected packages

freerdp, freerdp2, freerdp3

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
freerdp Not in release Not in release Not in release Needs evaluation
freerdp2 Not in release Fixed Fixed Fixed Fixed
freerdp3 Not affected Fixed Not in release

CVE-2026-23533

Medium priority

Some fixes available 6 of 8

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the RDPGFX ClearCodec decode path when maliciously crafted residual data causes out-of-bounds...

3 affected packages

freerdp, freerdp2, freerdp3

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
freerdp Not in release Not in release Not in release Needs evaluation
freerdp2 Not in release Fixed Fixed Fixed Fixed
freerdp3 Not affected Fixed Not in release

CVE-2026-23532

Medium priority

Some fixes available 6 of 8

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the FreeRDP client’s `gdi_SurfaceToSurface` path due to a mismatch between...

3 affected packages

freerdp, freerdp2, freerdp3

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
freerdp Not in release Not in release Not in release Needs evaluation
freerdp2 Not in release Fixed Fixed Fixed Fixed
freerdp3 Not affected Fixed Not in release

CVE-2026-23531

Medium priority

Some fixes available 6 of 8

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, in ClearCodec, when `glyphData` is present, `clear_decompress` calls `freerdp_image_copy_no_overlap` without validating the destination...

3 affected packages

freerdp, freerdp2, freerdp3

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
freerdp Not in release Not in release Not in release Needs evaluation
freerdp2 Not in release Fixed Fixed Fixed Fixed
freerdp3 Not affected Fixed Not in release

CVE-2026-23530

Medium priority

Some fixes available 6 of 8

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, `freerdp_bitmap_decompress_planar` does not validate `nSrcWidth`/`nSrcHeight` against `planar->maxWidth`/`maxHeight` before RLE decode. A...

3 affected packages

freerdp, freerdp2, freerdp3

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
freerdp Not in release Not in release Not in release Needs evaluation
freerdp2 Not in release Fixed Fixed Fixed Fixed
freerdp3 Not affected Fixed Not in release

CVE-2026-22859

Medium priority

Some fixes available 3 of 11

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, the URBDRC client does not perform bounds checking on server‑supplied MSUSB_INTERFACE_DESCRIPTOR values and uses them as indices in...

3 affected packages

freerdp, freerdp2, freerdp3

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
freerdp Not in release Not in release Not in release Needs evaluation
freerdp2 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
freerdp3 Fixed Fixed Not in release

CVE-2026-22858

Medium priority

Some fixes available 3 of 11

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on...

3 affected packages

freerdp, freerdp2, freerdp3

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
freerdp Not in release Not in release Not in release Needs evaluation
freerdp2 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
freerdp3 Fixed Fixed Not in release