freerdp-2.11.7-2.el8_10

Errata ID: AXSA:2026-152:02

Release date: Monday, February 9, 2026 - 15:54
Subject: freerdp-2.11.7-2.el8_10
Affected Channels: Asianux Server 8 for x86_64
Severity: High
Description: 

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

Security Fix(es):

* freerdp: FreeRDP: Heap buffer overflow leading to denial of service and potential code execution from a malicious server. (CVE-2026-23530)
* freerdp: FreeRDP: Denial of Service and potential code execution via use-after-free vulnerability (CVE-2026-23884)
* freerdp: FreeRDP: Arbitrary code execution and denial of service via malicious server (CVE-2026-23883)
* freerdp: FreeRDP: Heap buffer overflow leads to denial of service and potential code execution (CVE-2026-23533)
* freerdp: FreeRDP: Heap buffer overflow via crafted RDPGFX surface updates leads to denial of service and potential code execution. (CVE-2026-23531)
* freerdp: FreeRDP: Arbitrary code execution and denial of service via client-side heap buffer overflow (CVE-2026-23534)
* freerdp: FreeRDP: Denial of Service and potential code execution via client-side heap buffer overflow (CVE-2026-23532)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2026-23530
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, `freerdp_bitmap_decompress_planar` does not validate `nSrcWidth`/`nSrcHeight` against `planar->maxWidth`/`maxHeight` before RLE decode. A malicious server can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.
CVE-2026-23531
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, in ClearCodec, when `glyphData` is present, `clear_decompress` calls `freerdp_image_copy_no_overlap` without validating the destination rectangle, allowing an out-of-bounds read/write via crafted RDPGFX surface updates. A malicious server can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.
CVE-2026-23532
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the FreeRDP client’s `gdi_SurfaceToSurface` path due to a mismatch between destination rectangle clamping and the actual copy size. A malicious server can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.
CVE-2026-23533
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the RDPGFX ClearCodec decode path when maliciously crafted residual data causes out-of-bounds writes during color output. A malicious server can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.
CVE-2026-23534
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the ClearCodec bands decode path when crafted band coordinates allow writes past the end of the destination surface buffer. A malicious server can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.
CVE-2026-23883
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, `xf_Pointer_New` frees `cursorPixels` on failure, then `pointer_free` calls `xf_Pointer_Free` and frees it again, triggering ASan UAF. A malicious server can trigger a client‑side use after free, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.
CVE-2026-23884
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves `gdi->drawing` pointing to freed memory, causing UAF when related update packets arrive. A malicious server can trigger a client‑side use after free, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.
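
The destination-rectangle overflows described above (CVE-2026-23531, CVE-2026-23532, CVE-2026-23534) can all be guarded by one pattern: clamp the rectangle to the surface, then drive the copy from the clamped size rather than the requested one. The code below is an added illustration of that pattern, not FreeRDP's code or its patch; `surface_t`, `clamp_rect` and `surface_copy` are hypothetical names, and a tightly packed 32-bit pixel format with non-overlapping buffers is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BPP 4u /* bytes per pixel; assumed 32-bit format */

/* Hypothetical surface type for illustration; not a FreeRDP structure. */
typedef struct {
    uint8_t *data; /* width * height * BPP bytes, tightly packed */
    uint32_t width, height;
} surface_t;

/* Clamp a w x h rectangle at (x, y) to the surface. Returns 0 when no part
 * of it lies inside, else 1 with the clamped size in *cw and *ch. */
static int clamp_rect(const surface_t *s, uint32_t x, uint32_t y,
                      uint32_t w, uint32_t h, uint32_t *cw, uint32_t *ch)
{
    if (!s || !s->data || w == 0 || h == 0 || x >= s->width || y >= s->height)
        return 0;
    /* No underflow: x < width and y < height were checked above. */
    *cw = (w > s->width - x) ? s->width - x : w;
    *ch = (h > s->height - y) ? s->height - y : h;
    return 1;
}

/* Copy a w x h block from src (sx, sy) to dst (dx, dy). Both rectangles are
 * clamped, and the same clamped size drives the copy. Returns bytes written.
 * Assumes src and dst are distinct, non-overlapping buffers. */
size_t surface_copy(surface_t *dst, uint32_t dx, uint32_t dy,
                    const surface_t *src, uint32_t sx, uint32_t sy,
                    uint32_t w, uint32_t h)
{
    uint32_t cw = 0, ch = 0;
    if (!clamp_rect(src, sx, sy, w, h, &cw, &ch) ||
        !clamp_rect(dst, dx, dy, cw, ch, &cw, &ch))
        return 0;
    for (uint32_t row = 0; row < ch; row++) {
        const uint8_t *from =
            src->data + ((size_t)(sy + row) * src->width + sx) * BPP;
        uint8_t *to = dst->data + ((size_t)(dy + row) * dst->width + dx) * BPP;
        memcpy(to, from, (size_t)cw * BPP);
    }
    return (size_t)cw * ch * BPP;
}
```

The return value lets the caller detect that a server-supplied rectangle was truncated or rejected instead of silently trusting the requested dimensions.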

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. freerdp-2.11.7-2.el8_10.src.rpm
    MD5: 69e6ac7a802265da669a9f028f53b6ad
    SHA-256: 1bdeed61b7441fba33f8544fb5c449d7dc0e85c9ee72e8d8becd40d3a116d535
    Size: 7.01 MB

Asianux Server 8 for x86_64
  1. freerdp-2.11.7-2.el8_10.x86_64.rpm
    MD5: 7e90d9c84411380d90189b12728ab243
    SHA-256: 0c2c3bc5264e8e33723ab9b3f30e1a6f6f9ea97ef3d3c0738be4b5a2ecf4d44e
    Size: 117.46 kB
  2. freerdp-devel-2.11.7-2.el8_10.i686.rpm
    MD5: 26285a14cc6611e495356b30b7d24d31
    SHA-256: d8875289d6329429d0fac71b53efda6e6dcdd726db257a84b1471e61ada60302
    Size: 146.66 kB
  3. freerdp-devel-2.11.7-2.el8_10.x86_64.rpm
    MD5: 762b18f703d6e4183feedbb357fa6878
    SHA-256: ecc6ae6a5764b2871d6fe88a5601f9b3846f0ac8d5a87a075c96e706611d4d6d
    Size: 146.69 kB
  4. freerdp-libs-2.11.7-2.el8_10.i686.rpm
    MD5: 8f27cc4a9314baf44a411557956dd132
    SHA-256: 13dd5cee478496c6c57ac4a513f85006a5b18c97fadce82cc27cf0ad6853c270
    Size: 875.35 kB
  5. freerdp-libs-2.11.7-2.el8_10.x86_64.rpm
    MD5: 42b9e2db630d07a77bbcbed041249ebd
    SHA-256: 29269c519acabfb9f425abef84bd0feab781b00ad42e8c3a214f82bd6b587698
    Size: 927.18 kB
  6. libwinpr-2.11.7-2.el8_10.i686.rpm
    MD5: 2f110b02168421f94f326c616d547584
    SHA-256: 5f58ca71b3155548c12c0a021751f12cad0106b2cde136939bca7d2420b7a88c
    Size: 361.48 kB
  7. libwinpr-2.11.7-2.el8_10.x86_64.rpm
    MD5: 00d27c8dfae94299e8423fa539c9a02b
    SHA-256: fa0bd66360fb2e28551e47b9d9d99738d9c4bd97aedfb06865a9498cbda9eac0
    Size: 378.22 kB
  8. libwinpr-devel-2.11.7-2.el8_10.i686.rpm
    MD5: 3c04291e286db0d2c07631ad6960210b
    SHA-256: 856b247ed480051d22edfa80a8aa0ef806c138aadb019a5a26c9403119e88e64
    Size: 174.80 kB
  9. libwinpr-devel-2.11.7-2.el8_10.x86_64.rpm
    MD5: 2d517b81b2a5b942d86de0dc1ada76ac
    SHA-256: 84c7ba2d6a760af381db8b9f0aa9416623803927b3ddf915dcc46ee37bf8592c
    Size: 174.79 kB