rpm package
suse/freerdp&distro=SUSE Linux Enterprise Server 12 SP5-LTSS
pkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-22857 | — | < 2.1.2-12.57.1 | 2.1.2-12.57.1 | Jan 14, 2026 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irp_thread_func because the IRP is freed by irp->Complete() and then accessed again on the error path. This vulnerability is fixed in 3.20.1. | ||
| CVE-2026-22856 | — | < 2.1.2-12.52.1 | 2.1.2-12.52.1 | Jan 14, 2026 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial->IrpThreads while another reads it. This vulnerability is fixed in 3.20.1. | ||
| CVE-2026-22855 | — | < 2.1.2-12.57.1 | 2.1.2-12.57.1 | Jan 14, 2026 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length. This vulnerability is fixed in 3.20.1. | ||
| CVE-2026-22854 | — | < 2.1.2-12.52.1 | 2.1.2-12.52.1 | Jan 14, 2026 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to | ||
| CVE-2026-22852 | — | < 2.1.2-12.52.1 | 2.1.2-12.52.1 | Jan 14, 2026 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client when processing Audio Input (AUDIN) format lists. audin_process_formats reuses callback->formats_count across mu |
- CVE-2026-22857Jan 14, 2026affected < 2.1.2-12.57.1fixed 2.1.2-12.57.1
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irp_thread_func because the IRP is freed by irp->Complete() and then accessed again on the error path. This vulnerability is fixed in 3.20.1.
- CVE-2026-22856Jan 14, 2026affected < 2.1.2-12.52.1fixed 2.1.2-12.52.1
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial->IrpThreads while another reads it. This vulnerability is fixed in 3.20.1.
- CVE-2026-22855Jan 14, 2026affected < 2.1.2-12.57.1fixed 2.1.2-12.57.1
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length. This vulnerability is fixed in 3.20.1.
- CVE-2026-22854Jan 14, 2026affected < 2.1.2-12.52.1fixed 2.1.2-12.52.1
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to
- CVE-2026-22852Jan 14, 2026affected < 2.1.2-12.52.1fixed 2.1.2-12.52.1
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client when processing Audio Input (AUDIN) format lists. audin_process_formats reuses callback->formats_count across mu
Page 2 of 2