VYPR

rpm package

suse/freerdp&distro=SUSE Linux Enterprise Server 16.0

pkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Server%2016.0

Vulnerabilities (11)

  • CVE-2026-45700 | Cri | May 29, 2026
    affected < 3.26.0-160000.1.1 | fixed 3.26.0-160000.1.1

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's planar bitmap decoder has an out-of-bounds heap write when decoding RLE planar data. In libfreerdp/codec/planar.c, freerdp_bitmap_decompress_planar() validates the X destination coordinate

  • CVE-2026-44422 | Hig | May 29, 2026
    affected < 3.26.0-160000.1.1 | fixed 3.26.0-160000.1.1

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer ref-id for multiple logical pointer fields without tracking the pointed object's expected NDR type or ownership. When the same ref-id is

  • CVE-2026-44421 | Hig | May 29, 2026
    affected < 3.26.0-160000.1.1 | fixed 3.26.0-160000.1.1

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdi_CacheToSurface: it validates a destination rectangle that is c

  • CVE-2026-44420 | Hig | May 29, 2026
    affected < 3.26.0-160000.1.1 | fixed 3.26.0-160000.1.1

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU with a too-small capabilitySetLength. This can cras

  • CVE-2026-40033 | Hig | May 26, 2026
    affected < 3.26.0-160000.1.1 | fixed 3.26.0-160000.1.1

    FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdi_CacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16_MAX but performs copy operations using unc

  • CVE-2026-40254 | Med | Apr 24, 2026
    affected < 3.26.0-160000.1.1 | fixed 3.26.0-160000.1.1

    FreeRDP is a free implementation of the Remote Desktop Protocol. Versions prior to 3.25.0 have an off-by-one in the path traversal filter in `channels/drive/client/drive_file.c`. The `contains_dotdot()` function catches `../` and `..\` mid-path but misses `..` when it's the last

  • CVE-2026-33995 | Med | Mar 30, 2026
    affected < 3.26.0-160000.1.1 | fixed 3.26.0-160000.1.1

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a double-free vulnerability in kerberos_AcceptSecurityContext() and kerberos_InitializeSecurityContextA() (WinPR, winpr/libwinpr/sspi/Kerberos/kerberos.c) can cause a crash in any FreeRDP cl

  • CVE-2026-33987 | Hig | Mar 30, 2026
    affected < 3.26.0-160000.1.1 | fixed 3.26.0-160000.1.1

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in persistent_cache_read_entry_v3() in libfreerdp/cache/persistent.c, persistent->bmpSize is updated before winpr_aligned_recalloc(). If realloc fails, bmpSize is inflated while bmpData poin

  • CVE-2026-33986 | Hig | Mar 30, 2026
    affected < 3.26.0-160000.1.1 | fixed 3.26.0-160000.1.1

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in yuv_ensure_buffer() in libfreerdp/codec/h264.c, h264->width and h264->height are updated before the reallocation loop. If any winpr_aligned_recalloc() call fails, the function returns FAL

  • CVE-2026-33985 | Med | Mar 30, 2026
    affected < 3.26.0-160000.1.1 | fixed 3.26.0-160000.1.1

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data from adjacent heap memory is rendered to screen, potentially leaking sensitive data to the attacker. This issue has been patched in version 3.24.2.

  • CVE-2026-33982 | Hig | Mar 30, 2026
    affected < 3.26.0-160000.1.1 | fixed 3.26.0-160000.1.1

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, there is a heap-buffer-overflow READ vulnerability at 24 bytes before the allocation, in winpr_aligned_offset_recalloc(). This issue has been patched in version 3.24.2.