VYPR

rpm package

almalinux/libwinpr-devel

pkg:rpm/almalinux/libwinpr-devel

Vulnerabilities (65)

  • CVE-2026-33987 | High | Mar 30, 2026
    affected < 2:3.10.3-5.el10_1.8 | fixed 2:3.10.3-5.el10_1.8

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in persistent_cache_read_entry_v3() in libfreerdp/cache/persistent.c, persistent->bmpSize is updated before winpr_aligned_recalloc(). If realloc fails, bmpSize is inflated while bmpData poin

  • CVE-2026-33985 | Medium | Mar 30, 2026
    affected < 2:3.10.3-5.el10_1.8 | fixed 2:3.10.3-5.el10_1.8

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data from adjacent heap memory is rendered to screen, potentially leaking sensitive data to the attacker. This issue has been patched in version 3.24.2.

  • CVE-2026-33984 | High | Mar 30, 2026
    affected < 2:2.11.7-1.el9_7.6 | fixed 2:2.11.7-1.el9_7.6

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in resize_vbar_entry() in libfreerdp/codec/clear.c, vBarEntry->size is updated to vBarEntry->count before the winpr_aligned_recalloc() call. If realloc fails, size is inflated while pixels s

  • CVE-2026-33983 | Medium | Mar 30, 2026
    affected < 2:2.11.7-1.el9_7.6 | fixed 2:2.11.7-1.el9_7.6

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, progressive_decompress_tile_upgrade() detects a mismatch via progressive_rfx_quant_cmp_equal() but only emits WLog_WARN, execution continues. The wrapped value (247) is used as a shift expon

  • CVE-2026-33982 | High | Mar 30, 2026
    affected < 2:3.10.3-5.el10_1.8 | fixed 2:3.10.3-5.el10_1.8

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, there is a heap-buffer-overflow READ vulnerability at 24 bytes before the allocation, in winpr_aligned_offset_recalloc(). This issue has been patched in version 3.24.2.

  • CVE-2026-31806 | Mar 13, 2026
    affected < 2:2.11.7-1.el9_7.5 | fixed 2:2.11.7-1.el9_7.5

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, the gdi_surface_bits() function processes SURFACE_BITS_COMMAND messages sent by the RDP server. When the command is handled using NSCodec, the bmp.width and bmp.height values provided by the server

  • CVE-2026-31885 | Mar 13, 2026
    affected < 2:3.10.3-5.el10_1.8 | fixed 2:3.10.3-5.el10_1.8

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in MS-ADPCM and IMA-ADPCM decoders due to unchecked predictor and step_index values from input data. This vulnerability is fixed in 3.24.0.

  • CVE-2026-31884 | Mar 13, 2026
    affected < 2:3.10.3-5.el10_1.8 | fixed 2:3.10.3-5.el10_1.8

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, division by zero in MS-ADPCM and IMA-ADPCM decoders when nBlockAlign is 0, leading to a crash. In libfreerdp/codec/dsp.c, both ADPCM decoders use size % block_size where block_size = context->common

  • CVE-2026-31883 | Mar 13, 2026
    affected < 2:3.10.3-5.el10_1.8 | fixed 2:3.10.3-5.el10_1.8

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a size_t underflow in the IMA-ADPCM and MS-ADPCM audio decoders leads to heap-buffer-overflow write via the RDPSND audio channel. In libfreerdp/codec/dsp.c, the IMA-ADPCM and MS-ADPCM decoders subtr

  • CVE-2026-29775 | Mar 13, 2026
    affected < 2:3.10.3-5.el10_1.8 | fixed 2:3.10.3-5.el10_1.8

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap out-of-bounds read/write occurs in FreeRDP's bitmap cache subsystem due to an off-by-one boundary check in bitmap_cache_put. A malicious server can send a CACHE_BITMAP_ORDER (Rev1

  • CVE-2026-27951 | Feb 25, 2026
    affected < 2:2.11.7-9.el8_10 | fixed 2:2.11.7-9.el8_10

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the function `Stream_EnsureCapacity` can create an endless blocking loop. This may affect all client and server implementations using `FreeRDP`. For practical exploitation this will only wor

  • CVE-2026-26986 | Feb 25, 2026
    affected < 2:3.10.3-5.el10_1.8 | fixed 2:3.10.3-5.el10_1.8

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `rail_window_free` dereferences a freed `xfAppWindow` pointer during `HashTable_Free` cleanup because `xf_rail_window_common` calls `free(appWindow)` on title allocation failure without firs

  • CVE-2026-26965 | Feb 25, 2026
    affected < 2:3.10.3-5.el10_1.3 | fixed 2:3.10.3-5.el10_1.3

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, in the RLE planar decode path, `planar_decompress_plane_rle()` writes into `pDstData` at `((nYDst+y) * nDstStep) + (4*nXDst) + nChannel` without verifying that `(nYDst+nSrcHeight)` fits in t

  • CVE-2026-26955 | Feb 25, 2026
    affected < 2:3.10.3-5.el10_1.3 | fixed 2:3.10.3-5.el10_1.3

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP server can trigger a heap buffer overflow in FreeRDP clients using the GDI surface pipeline (e.g., `xfreerdp`) by sending an RDPGFX ClearCodec surface command with an out-of-

  • CVE-2026-25997 | Feb 25, 2026
    affected < 2:3.10.3-5.el10_1.8 | fixed 2:3.10.3-5.el10_1.8

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_clipboard_format_equal` reads freed `lastSentFormats` memory because `xf_clipboard_formats_free` (called from the cliprdr channel thread during auto-reconnect) frees the array while the

  • CVE-2026-25952 | Feb 25, 2026
    affected < 2:3.10.3-5.el10_1.8 | fixed 2:3.10.3-5.el10_1.8

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_SetWindowMinMaxInfo` dereferences a freed `xfAppWindow` pointer because `xf_rail_get_window` in `xf_rail_server_min_max_info` returns an unprotected pointer from the `railWindows` hash t

  • CVE-2026-24684 | Feb 9, 2026
    affected < 2:2.11.7-1.el9_7.5 | fixed 2:2.11.7-1.el9_7.5

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsnd_treat_wave. This vulnerability is fixed in 3.2

  • CVE-2026-24683 | Feb 9, 2026
    affected < 2:2.11.7-1.el9_7.5 | fixed 2:2.11.7-1.el9_7.5

    FreeRDP is a free implementation of the Remote Desktop Protocol. ainput_send_input_event caches channel_callback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free. Prior to

  • CVE-2026-24682 | Feb 9, 2026
    affected < 2:3.10.3-5.el10_1.5 | fixed 2:3.10.3-5.el10_1.5

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audin_server_recv_formats frees an incorrect number of audio formats on parse failure (i + i), leading to out-of-bounds access in audio_formats_free. This vulnerability is fixed in 3.22.0.

  • CVE-2026-24681 | Feb 9, 2026
    affected < 2:2.11.7-1.el9_7.5 | fixed 2:2.11.7-1.el9_7.5

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, asynchronous bulk transfer completions can use a freed channel callback after URBDRC channel close, leading to a use after free in urb_write_completion. This vulnerability is fixed in 3.22.0.
