freerdp-2.11.7-1.el9_7.1
Errata ID: AXSA:2026-161:03
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.
Security Fix(es):
* freerdp: FreeRDP: Heap buffer overflow leading to denial of service and potential code execution from a malicious server. (CVE-2026-23530)
* freerdp: FreeRDP: Denial of Service and potential code execution via use-after-free vulnerability (CVE-2026-23884)
* freerdp: FreeRDP: Arbitrary code execution and denial of service via malicious server (CVE-2026-23883)
* freerdp: FreeRDP: Heap buffer overflow leads to denial of service and potential code execution (CVE-2026-23533)
* freerdp: FreeRDP: Heap buffer overflow via crafted RDPGFX surface updates leads to denial of service and potential code execution. (CVE-2026-23531)
* freerdp: FreeRDP: Arbitrary code execution and denial of service via client-side heap buffer overflow (CVE-2026-23534)
* freerdp: FreeRDP: Denial of Service and potential code execution via client-side heap buffer overflow (CVE-2026-23532)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2026-23530
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, `freerdp_bitmap_decompress_planar` does not validate `nSrcWidth`/`nSrcHeight` against `planar->maxWidth`/`maxHeight` before RLE decode. A malicious server can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.
CVE-2026-23531
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, in ClearCodec, when `glyphData` is present, `clear_decompress` calls `freerdp_image_copy_no_overlap` without validating the destination rectangle, allowing an out-of-bounds read/write via crafted RDPGFX surface updates. A malicious server can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.
CVE-2026-23532
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the FreeRDP client’s `gdi_SurfaceToSurface` path due to a mismatch between destination rectangle clamping and the actual copy size. A malicious server can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.
CVE-2026-23533
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the RDPGFX ClearCodec decode path when maliciously crafted residual data causes out-of-bounds writes during color output. A malicious server can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.
CVE-2026-23534
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the ClearCodec bands decode path when crafted band coordinates allow writes past the end of the destination surface buffer. A malicious server can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.
CVE-2026-23883
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, `xf_Pointer_New` frees `cursorPixels` on failure, then `pointer_free` calls `xf_Pointer_Free` and frees it again, triggering ASan UAF. A malicious server can trigger a client‑side use after free, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.
CVE-2026-23884
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves `gdi->drawing` pointing to freed memory, causing UAF when related update packets arrive. A malicious server can trigger a client‑side use after free, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.
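The heap-overflow entries above share one root cause: a decoded dimension or destination rectangle is used to size a copy before it has been checked against the surface it writes into, and in one case the rectangle is clamped while the copy size is not. The added example below is not FreeRDP's code; its `surface_t`/`rect_t` types and function names are hypothetical. It shows the shape of check such fixes add: dimensions validated against negotiated maximums, rectangle bounds computed in 64-bit so crafted values cannot wrap, and a copy that refuses rather than clamps, so the bytes copied never exceed what was validated.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical surface and rectangle types for this example; not FreeRDP's own. */
typedef struct { uint32_t width, height, bpp; size_t size; } surface_t; /* bpp = bytes/pixel */
typedef struct { uint32_t x, y, w, h; } rect_t;

/* Check decoded dimensions against the negotiated maximums before any decode
 * touches the destination (the kind of check the planar entry says was missing). */
bool dims_within_max(uint32_t w, uint32_t h, uint32_t maxW, uint32_t maxH)
{
    return w != 0 && h != 0 && w <= maxW && h <= maxH;
}

/* True only if the rectangle lies inside the surface and its last byte lies
 * inside the allocation. All arithmetic is 64-bit so crafted x/w cannot wrap. */
bool rect_fits_surface(const surface_t *s, const rect_t *r)
{
    if (!s || !r || r->w == 0 || r->h == 0 || s->bpp == 0) return false;
    uint64_t right  = (uint64_t)r->x + r->w;
    uint64_t bottom = (uint64_t)r->y + r->h;
    if (right > s->width || bottom > s->height) return false;
    uint64_t last = ((bottom - 1) * (uint64_t)s->width + (right - 1)) * s->bpp + s->bpp;
    return last <= s->size;
}

/* Copy that rejects instead of clamping, so the bytes copied can never exceed
 * the rectangle that was validated (no clamp/copy-size mismatch). */
bool safe_surface_copy(const surface_t *dst, uint8_t *dp, const rect_t *dr,
                       const surface_t *src, const uint8_t *sp, const rect_t *sr)
{
    if (!rect_fits_surface(dst, dr) || !rect_fits_surface(src, sr)) return false;
    if (dr->w != sr->w || dr->h != sr->h || dst->bpp != src->bpp) return false;
    size_t row = (size_t)dr->w * dst->bpp;
    for (uint32_t y = 0; y < dr->h; y++) {
        const uint8_t *s = sp + ((size_t)(sr->y + y) * src->width + sr->x) * src->bpp;
        uint8_t *d = dp + ((size_t)(dr->y + y) * dst->width + dr->x) * dst->bpp;
        memcpy(d, s, row);
    }
    return true;
}
```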
Update packages.
N/A
SRPMS
- freerdp-2.11.7-1.el9_7.1.src.rpm
MD5: 221169b157190677b165877edfc210b6
SHA-256: 8002405eeeda1f0a8ab033748a4b4a6f11d12acdd07b11a29d470e491fad9c14
Size: 7.00 MB
Asianux Server 9 for x86_64
- freerdp-2.11.7-1.el9_7.1.x86_64.rpm
MD5: d94c908e6f91fbc397092cc1f52945e7
SHA-256: b70f9aa0c656e73cc783dffd419035d58d3c7177a0151d36d752565236801ea2
Size: 110.88 kB
- freerdp-devel-2.11.7-1.el9_7.1.i686.rpm
MD5: 65b804a65a5a40050bca304d28d4cc91
SHA-256: 1dd5f951450b96a4b684b15c48067574de93201cc456c64a8dfacf2b50b90985
Size: 175.31 kB
- freerdp-devel-2.11.7-1.el9_7.1.x86_64.rpm
MD5: ad2da0c4190a7627d22e02794cee6f8b
SHA-256: 8b368603174dede1de22f8d55d0e3f3ee475fefcd399b01271cca8020c4b2448
Size: 175.36 kB
- freerdp-libs-2.11.7-1.el9_7.1.i686.rpm
MD5: 09c2271dda12f67d94414e7005c01acf
SHA-256: 6e3e0738d15eb0e366dd978f37decb3848ad8ef9d35af5e0213a1d86c78063c5
Size: 849.01 kB
- freerdp-libs-2.11.7-1.el9_7.1.x86_64.rpm
MD5: 53d4421920d2e19d0831bf1b41f7a9a7
SHA-256: e6c22f3372bb0fe464643a9c81c0eeb12631022914bfaf1210b94adfd1b63c74
Size: 903.98 kB
- libwinpr-2.11.7-1.el9_7.1.i686.rpm
MD5: 36f5721839608d6088dccc7a18d047f1
SHA-256: bcc811d806b9747579b42671d13ec43b8166e8e75fd3ead7d6f4e4e5ad9cc9a6
Size: 340.35 kB
- libwinpr-2.11.7-1.el9_7.1.x86_64.rpm
MD5: efd49c55c69fb9d213a69023c1477ca6
SHA-256: ca44cc0cafe18c097ef58e407b21018eff46f14ef9aa4dd7f3b9650301c059da
Size: 354.65 kB
- libwinpr-devel-2.11.7-1.el9_7.1.i686.rpm
MD5: 30bfcdbf6f34d6311dce245e3cea10bf
SHA-256: 3bd835ccba2345b5e30b05d0f19918447290a6e262fa1aa47022d199e98f11ab
Size: 181.15 kB
- libwinpr-devel-2.11.7-1.el9_7.1.x86_64.rpm
MD5: 5b26b4ce00635aac3a5aa4f5d35934f8
SHA-256: 30e7202d21dbc7a862c9d4670a9c34a57b6f89c699d1496525b4df83085fb2c8
Size: 181.18 kB