rpm package
opensuse/freerdp&distro=openSUSE Leap 16.0
pkg:rpm/opensuse/freerdp&distro=openSUSE%20Leap%2016.0
Vulnerabilities (44)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-22859 | — | < 3.22.0-160000.1.1 | 3.22.0-160000.1.1 | Jan 14, 2026 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, the URBDRC client does not perform bounds checking on server‑supplied MSUSB_INTERFACE_DESCRIPTOR values and uses them as indices in libusb_udev_complete_msconfig_setup, causing an out‑of‑bounds read | ||
| CVE-2026-22858 | — | < 3.22.0-160000.1.1 | 3.22.0-160000.1.1 | Jan 14, 2026 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, | ||
| CVE-2026-22857 | — | < 3.22.0-160000.1.1 | 3.22.0-160000.1.1 | Jan 14, 2026 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irp_thread_func because the IRP is freed by irp->Complete() and then accessed again on the error path. This vulnerability is fixed in 3.20.1. | ||
| CVE-2026-22856 | — | < 3.22.0-160000.1.1 | 3.22.0-160000.1.1 | Jan 14, 2026 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial->IrpThreads while another reads it. This vulnerability is fixed in 3.20.1. | ||
| CVE-2026-22855 | — | < 3.22.0-160000.1.1 | 3.22.0-160000.1.1 | Jan 14, 2026 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length. This vulnerability is fixed in 3.20.1. | ||
| CVE-2026-22854 | — | < 3.22.0-160000.1.1 | 3.22.0-160000.1.1 | Jan 14, 2026 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to | ||
| CVE-2026-22853 | — | < 3.22.0-160000.1.1 | 3.22.0-160000.1.1 | Jan 14, 2026 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR’s NDR array reader does not perform bounds checking on the on‑wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndr_read_uint8Array | ||
| CVE-2026-22852 | — | < 3.22.0-160000.1.1 | 3.22.0-160000.1.1 | Jan 14, 2026 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client when processing Audio Input (AUDIN) format lists. audin_process_formats reuses callback->formats_count across mu | ||
| CVE-2026-22851 | — | < 3.22.0-160000.1.1 | 3.22.0-160000.1.1 | Jan 14, 2026 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race condition between the RDPGFX dynamic virtual channel thread and the SDL render thread leads to a heap use-after-free. Specifically, an escaped pointer to sdl->primary (SDL_Surface) is accesse | ||
| CVE-2025-4478 | — | < 3.22.0-160000.1.1 | 3.22.0-160000.1.1 | May 16, 2025 | A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL po | ||
| CVE-2024-32661 | — | < 3.22.0-160000.1.1 | 3.22.0-160000.1.1 | Apr 23, 2024 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available. | ||
| CVE-2024-32660 | — | < 3.22.0-160000.1.1 | 3.22.0-160000.1.1 | Apr 23, 2024 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending invalid huge allocation size. Version 3.5.1 contains a patch for the issue. No known workarounds are available. | ||
| CVE-2024-32659 | — | < 3.22.0-160000.1.1 | 3.22.0-160000.1.1 | Apr 23, 2024 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version 3.5.1 contains a patch for the issue. No known workarounds are available. | ||
| CVE-2024-32658 | — | < 3.22.0-160000.1.1 | 3.22.0-160000.1.1 | Apr 23, 2024 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. Version 3.5.1 contains a patch for the issue. No known workarounds are available. | ||
| CVE-2024-32460 | — | < 3.22.0-160000.1.1 | 3.22.0-160000.1.1 | Apr 22, 2024 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based based clients using `/bpp:32` legacy `GDI` drawing path with a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workarou | ||
| CVE-2024-32459 | — | < 3.22.0-160000.1.1 | 3.22.0-160000.1.1 | Apr 22, 2024 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available. | ||
| CVE-2024-32458 | — | < 3.22.0-160000.1.1 | 3.22.0-160000.1.1 | Apr 22, 2024 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use `/gfx` or `/rfx` modes (on by defaul | ||
| CVE-2024-32041 | — | < 3.22.0-160000.1.1 | 3.22.0-160000.1.1 | Apr 22, 2024 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, deactivate `/gfx` (on by default, set `/ | ||
| CVE-2024-32040 | — | < 3.22.0-160000.1.1 | 3.22.0-160000.1.1 | Apr 22, 2024 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and have connections to servers using the `NSC` codec are vulnerable to integer underflow. Versions 3.5.0 and 2.11.6 patch the issue. As a | ||
| CVE-2024-32039 | — | < 3.22.0-160000.1.1 | 3.22.0-160000.1.1 | Apr 22, 2024 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` opt |
- CVE-2026-22859Jan 14, 2026affected < 3.22.0-160000.1.1fixed 3.22.0-160000.1.1
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, the URBDRC client does not perform bounds checking on server‑supplied MSUSB_INTERFACE_DESCRIPTOR values and uses them as indices in libusb_udev_complete_msconfig_setup, causing an out‑of‑bounds read
- CVE-2026-22858Jan 14, 2026affected < 3.22.0-160000.1.1fixed 3.22.0-160000.1.1
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned,
- CVE-2026-22857Jan 14, 2026affected < 3.22.0-160000.1.1fixed 3.22.0-160000.1.1
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irp_thread_func because the IRP is freed by irp->Complete() and then accessed again on the error path. This vulnerability is fixed in 3.20.1.
- CVE-2026-22856Jan 14, 2026affected < 3.22.0-160000.1.1fixed 3.22.0-160000.1.1
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial->IrpThreads while another reads it. This vulnerability is fixed in 3.20.1.
- CVE-2026-22855Jan 14, 2026affected < 3.22.0-160000.1.1fixed 3.22.0-160000.1.1
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length. This vulnerability is fixed in 3.20.1.
- CVE-2026-22854Jan 14, 2026affected < 3.22.0-160000.1.1fixed 3.22.0-160000.1.1
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to
- CVE-2026-22853Jan 14, 2026affected < 3.22.0-160000.1.1fixed 3.22.0-160000.1.1
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR’s NDR array reader does not perform bounds checking on the on‑wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndr_read_uint8Array
- CVE-2026-22852Jan 14, 2026affected < 3.22.0-160000.1.1fixed 3.22.0-160000.1.1
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client when processing Audio Input (AUDIN) format lists. audin_process_formats reuses callback->formats_count across mu
- CVE-2026-22851Jan 14, 2026affected < 3.22.0-160000.1.1fixed 3.22.0-160000.1.1
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race condition between the RDPGFX dynamic virtual channel thread and the SDL render thread leads to a heap use-after-free. Specifically, an escaped pointer to sdl->primary (SDL_Surface) is accesse
- CVE-2025-4478May 16, 2025affected < 3.22.0-160000.1.1fixed 3.22.0-160000.1.1
A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL po
- CVE-2024-32661Apr 23, 2024affected < 3.22.0-160000.1.1fixed 3.22.0-160000.1.1
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
- CVE-2024-32660Apr 23, 2024affected < 3.22.0-160000.1.1fixed 3.22.0-160000.1.1
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending invalid huge allocation size. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
- CVE-2024-32659Apr 23, 2024affected < 3.22.0-160000.1.1fixed 3.22.0-160000.1.1
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
- CVE-2024-32658Apr 23, 2024affected < 3.22.0-160000.1.1fixed 3.22.0-160000.1.1
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
- CVE-2024-32460Apr 22, 2024affected < 3.22.0-160000.1.1fixed 3.22.0-160000.1.1
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based based clients using `/bpp:32` legacy `GDI` drawing path with a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workarou
- CVE-2024-32459Apr 22, 2024affected < 3.22.0-160000.1.1fixed 3.22.0-160000.1.1
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available.
- CVE-2024-32458Apr 22, 2024affected < 3.22.0-160000.1.1fixed 3.22.0-160000.1.1
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use `/gfx` or `/rfx` modes (on by defaul
- CVE-2024-32041Apr 22, 2024affected < 3.22.0-160000.1.1fixed 3.22.0-160000.1.1
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, deactivate `/gfx` (on by default, set `/
- CVE-2024-32040Apr 22, 2024affected < 3.22.0-160000.1.1fixed 3.22.0-160000.1.1
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and have connections to servers using the `NSC` codec are vulnerable to integer underflow. Versions 3.5.0 and 2.11.6 patch the issue. As a
- CVE-2024-32039Apr 22, 2024affected < 3.22.0-160000.1.1fixed 3.22.0-160000.1.1
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` opt
Page 2 of 3