freerdp-3.21.0-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2026:10107-1 Final 1 1 2026-01-28T00:00:00Z current 2026-01-28T00:00:00Z 2026-01-28T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z freerdp-3.21.0-1.1 on GA media These are all security issues fixed in the freerdp-3.21.0-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2026-10107 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2026-23530/ SUSE CVE CVE-2026-23530 page https://www.suse.com/security/cve/CVE-2026-23531/ SUSE CVE CVE-2026-23531 page https://www.suse.com/security/cve/CVE-2026-23532/ SUSE CVE CVE-2026-23532 page https://www.suse.com/security/cve/CVE-2026-23533/ SUSE CVE CVE-2026-23533 page https://www.suse.com/security/cve/CVE-2026-23534/ SUSE CVE CVE-2026-23534 page https://www.suse.com/security/cve/CVE-2026-23732/ SUSE CVE CVE-2026-23732 page https://www.suse.com/security/cve/CVE-2026-23883/ SUSE CVE CVE-2026-23883 page https://www.suse.com/security/cve/CVE-2026-23884/ SUSE CVE CVE-2026-23884 page openSUSE Tumbleweed freerdp-3.21.0-1.1 freerdp-devel-3.21.0-1.1 freerdp-proxy-3.21.0-1.1 freerdp-proxy-plugins-3.21.0-1.1 freerdp-sdl-3.21.0-1.1 freerdp-server-3.21.0-1.1 freerdp-wayland-3.21.0-1.1 libfreerdp-server-proxy3-3-3.21.0-1.1 libfreerdp3-3-3.21.0-1.1 librdtk0-0-3.21.0-1.1 libuwac0-0-3.21.0-1.1 libwinpr3-3-3.21.0-1.1 rdtk0-devel-3.21.0-1.1 uwac0-devel-3.21.0-1.1 winpr-devel-3.21.0-1.1 freerdp-3.21.0-1.1 as a component of openSUSE Tumbleweed freerdp-devel-3.21.0-1.1 as a component of openSUSE Tumbleweed freerdp-proxy-3.21.0-1.1 as a component of openSUSE Tumbleweed freerdp-proxy-plugins-3.21.0-1.1 as a component of openSUSE Tumbleweed freerdp-sdl-3.21.0-1.1 as a component of openSUSE Tumbleweed freerdp-server-3.21.0-1.1 as a component of openSUSE Tumbleweed freerdp-wayland-3.21.0-1.1 as a component of openSUSE Tumbleweed libfreerdp-server-proxy3-3-3.21.0-1.1 as a component of openSUSE Tumbleweed libfreerdp3-3-3.21.0-1.1 as a component of openSUSE Tumbleweed librdtk0-0-3.21.0-1.1 as a component of openSUSE Tumbleweed libuwac0-0-3.21.0-1.1 as a component of openSUSE Tumbleweed libwinpr3-3-3.21.0-1.1 as a component of openSUSE Tumbleweed rdtk0-devel-3.21.0-1.1 as a component of openSUSE Tumbleweed uwac0-devel-3.21.0-1.1 as a component of openSUSE Tumbleweed winpr-devel-3.21.0-1.1 as a component of openSUSE Tumbleweed FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0,`freerdp_bitmap_decompress_planar` does not validate `nSrcWidth`/`nSrcHeight` against `planar->maxWidth`/`maxHeight` before RLE decode. A malicious server can trigger a client-side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code-execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue. CVE-2026-23530 openSUSE Tumbleweed:freerdp-3.21.0-1.1 openSUSE Tumbleweed:freerdp-devel-3.21.0-1.1 openSUSE Tumbleweed:freerdp-proxy-3.21.0-1.1 openSUSE Tumbleweed:freerdp-proxy-plugins-3.21.0-1.1 openSUSE Tumbleweed:freerdp-sdl-3.21.0-1.1 openSUSE Tumbleweed:freerdp-server-3.21.0-1.1 openSUSE Tumbleweed:freerdp-wayland-3.21.0-1.1 openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.21.0-1.1 openSUSE Tumbleweed:libfreerdp3-3-3.21.0-1.1 openSUSE Tumbleweed:librdtk0-0-3.21.0-1.1 openSUSE Tumbleweed:libuwac0-0-3.21.0-1.1 openSUSE Tumbleweed:libwinpr3-3-3.21.0-1.1 openSUSE Tumbleweed:rdtk0-devel-3.21.0-1.1 openSUSE Tumbleweed:uwac0-devel-3.21.0-1.1 openSUSE Tumbleweed:winpr-devel-3.21.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-23530.html CVE-2026-23530 https://bugzilla.suse.com/1256940 SUSE Bug 1256940 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, in ClearCodec, when `glyphData` is present, `clear_decompress` calls `freerdp_image_copy_no_overlap` without validating the destination rectangle, allowing an out-of-bounds read/write via crafted RDPGFX surface updates. A malicious server can trigger a client-side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code-execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue. CVE-2026-23531 openSUSE Tumbleweed:freerdp-3.21.0-1.1 openSUSE Tumbleweed:freerdp-devel-3.21.0-1.1 openSUSE Tumbleweed:freerdp-proxy-3.21.0-1.1 openSUSE Tumbleweed:freerdp-proxy-plugins-3.21.0-1.1 openSUSE Tumbleweed:freerdp-sdl-3.21.0-1.1 openSUSE Tumbleweed:freerdp-server-3.21.0-1.1 openSUSE Tumbleweed:freerdp-wayland-3.21.0-1.1 openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.21.0-1.1 openSUSE Tumbleweed:libfreerdp3-3-3.21.0-1.1 openSUSE Tumbleweed:librdtk0-0-3.21.0-1.1 openSUSE Tumbleweed:libuwac0-0-3.21.0-1.1 openSUSE Tumbleweed:libwinpr3-3-3.21.0-1.1 openSUSE Tumbleweed:rdtk0-devel-3.21.0-1.1 openSUSE Tumbleweed:uwac0-devel-3.21.0-1.1 openSUSE Tumbleweed:winpr-devel-3.21.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-23531.html CVE-2026-23531 https://bugzilla.suse.com/1256941 SUSE Bug 1256941 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the FreeRDP client's `gdi_SurfaceToSurface` path due to a mismatch between destination rectangle clamping and the actual copy size. A malicious server can trigger a client-side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code-execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue. CVE-2026-23532 openSUSE Tumbleweed:freerdp-3.21.0-1.1 openSUSE Tumbleweed:freerdp-devel-3.21.0-1.1 openSUSE Tumbleweed:freerdp-proxy-3.21.0-1.1 openSUSE Tumbleweed:freerdp-proxy-plugins-3.21.0-1.1 openSUSE Tumbleweed:freerdp-sdl-3.21.0-1.1 openSUSE Tumbleweed:freerdp-server-3.21.0-1.1 openSUSE Tumbleweed:freerdp-wayland-3.21.0-1.1 openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.21.0-1.1 openSUSE Tumbleweed:libfreerdp3-3-3.21.0-1.1 openSUSE Tumbleweed:librdtk0-0-3.21.0-1.1 openSUSE Tumbleweed:libuwac0-0-3.21.0-1.1 openSUSE Tumbleweed:libwinpr3-3-3.21.0-1.1 openSUSE Tumbleweed:rdtk0-devel-3.21.0-1.1 openSUSE Tumbleweed:uwac0-devel-3.21.0-1.1 openSUSE Tumbleweed:winpr-devel-3.21.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-23532.html CVE-2026-23532 https://bugzilla.suse.com/1256942 SUSE Bug 1256942 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the RDPGFX ClearCodec decode path when maliciously crafted residual data causes out-of-bounds writes during color output. A malicious server can trigger a client-side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code-execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue. CVE-2026-23533 openSUSE Tumbleweed:freerdp-3.21.0-1.1 openSUSE Tumbleweed:freerdp-devel-3.21.0-1.1 openSUSE Tumbleweed:freerdp-proxy-3.21.0-1.1 openSUSE Tumbleweed:freerdp-proxy-plugins-3.21.0-1.1 openSUSE Tumbleweed:freerdp-sdl-3.21.0-1.1 openSUSE Tumbleweed:freerdp-server-3.21.0-1.1 openSUSE Tumbleweed:freerdp-wayland-3.21.0-1.1 openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.21.0-1.1 openSUSE Tumbleweed:libfreerdp3-3-3.21.0-1.1 openSUSE Tumbleweed:librdtk0-0-3.21.0-1.1 openSUSE Tumbleweed:libuwac0-0-3.21.0-1.1 openSUSE Tumbleweed:libwinpr3-3-3.21.0-1.1 openSUSE Tumbleweed:rdtk0-devel-3.21.0-1.1 openSUSE Tumbleweed:uwac0-devel-3.21.0-1.1 openSUSE Tumbleweed:winpr-devel-3.21.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-23533.html CVE-2026-23533 https://bugzilla.suse.com/1256943 SUSE Bug 1256943 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the ClearCodec bands decode path when crafted band coordinates allow writes past the end of the destination surface buffer. A malicious server can trigger a client-side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code-execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue. CVE-2026-23534 openSUSE Tumbleweed:freerdp-3.21.0-1.1 openSUSE Tumbleweed:freerdp-devel-3.21.0-1.1 openSUSE Tumbleweed:freerdp-proxy-3.21.0-1.1 openSUSE Tumbleweed:freerdp-proxy-plugins-3.21.0-1.1 openSUSE Tumbleweed:freerdp-sdl-3.21.0-1.1 openSUSE Tumbleweed:freerdp-server-3.21.0-1.1 openSUSE Tumbleweed:freerdp-wayland-3.21.0-1.1 openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.21.0-1.1 openSUSE Tumbleweed:libfreerdp3-3-3.21.0-1.1 openSUSE Tumbleweed:librdtk0-0-3.21.0-1.1 openSUSE Tumbleweed:libuwac0-0-3.21.0-1.1 openSUSE Tumbleweed:libwinpr3-3-3.21.0-1.1 openSUSE Tumbleweed:rdtk0-devel-3.21.0-1.1 openSUSE Tumbleweed:uwac0-devel-3.21.0-1.1 openSUSE Tumbleweed:winpr-devel-3.21.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-23534.html CVE-2026-23534 https://bugzilla.suse.com/1256944 SUSE Bug 1256944 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, FastGlyph parsing trusts `cbData`/remaining length and never validates against the minimum size implied by `cx/cy`. A malicious server can trigger a client-side global buffer overflow, causing a crash (DoS). Version 3.21.0 contains a patch for the issue. CVE-2026-23732 openSUSE Tumbleweed:freerdp-3.21.0-1.1 openSUSE Tumbleweed:freerdp-devel-3.21.0-1.1 openSUSE Tumbleweed:freerdp-proxy-3.21.0-1.1 openSUSE Tumbleweed:freerdp-proxy-plugins-3.21.0-1.1 openSUSE Tumbleweed:freerdp-sdl-3.21.0-1.1 openSUSE Tumbleweed:freerdp-server-3.21.0-1.1 openSUSE Tumbleweed:freerdp-wayland-3.21.0-1.1 openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.21.0-1.1 openSUSE Tumbleweed:libfreerdp3-3-3.21.0-1.1 openSUSE Tumbleweed:librdtk0-0-3.21.0-1.1 openSUSE Tumbleweed:libuwac0-0-3.21.0-1.1 openSUSE Tumbleweed:libwinpr3-3-3.21.0-1.1 openSUSE Tumbleweed:rdtk0-devel-3.21.0-1.1 openSUSE Tumbleweed:uwac0-devel-3.21.0-1.1 openSUSE Tumbleweed:winpr-devel-3.21.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-23732.html CVE-2026-23732 https://bugzilla.suse.com/1256945 SUSE Bug 1256945 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, `xf_Pointer_New` frees `cursorPixels` on failure, then `pointer_free` calls `xf_Pointer_Free` and frees it again, triggering ASan UAF. A malicious server can trigger a client-side use after free, causing a crash (DoS) and potential heap corruption with code-execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue. CVE-2026-23883 openSUSE Tumbleweed:freerdp-3.21.0-1.1 openSUSE Tumbleweed:freerdp-devel-3.21.0-1.1 openSUSE Tumbleweed:freerdp-proxy-3.21.0-1.1 openSUSE Tumbleweed:freerdp-proxy-plugins-3.21.0-1.1 openSUSE Tumbleweed:freerdp-sdl-3.21.0-1.1 openSUSE Tumbleweed:freerdp-server-3.21.0-1.1 openSUSE Tumbleweed:freerdp-wayland-3.21.0-1.1 openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.21.0-1.1 openSUSE Tumbleweed:libfreerdp3-3-3.21.0-1.1 openSUSE Tumbleweed:librdtk0-0-3.21.0-1.1 openSUSE Tumbleweed:libuwac0-0-3.21.0-1.1 openSUSE Tumbleweed:libwinpr3-3-3.21.0-1.1 openSUSE Tumbleweed:rdtk0-devel-3.21.0-1.1 openSUSE Tumbleweed:uwac0-devel-3.21.0-1.1 openSUSE Tumbleweed:winpr-devel-3.21.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-23883.html CVE-2026-23883 https://bugzilla.suse.com/1256946 SUSE Bug 1256946 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves `gdi->drawing` pointing to freed memory, causing UAF when related update packets arrive. A malicious server can trigger a client-side use after free, causing a crash (DoS) and potential heap corruption with code-execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue. CVE-2026-23884 openSUSE Tumbleweed:freerdp-3.21.0-1.1 openSUSE Tumbleweed:freerdp-devel-3.21.0-1.1 openSUSE Tumbleweed:freerdp-proxy-3.21.0-1.1 openSUSE Tumbleweed:freerdp-proxy-plugins-3.21.0-1.1 openSUSE Tumbleweed:freerdp-sdl-3.21.0-1.1 openSUSE Tumbleweed:freerdp-server-3.21.0-1.1 openSUSE Tumbleweed:freerdp-wayland-3.21.0-1.1 openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.21.0-1.1 openSUSE Tumbleweed:libfreerdp3-3-3.21.0-1.1 openSUSE Tumbleweed:librdtk0-0-3.21.0-1.1 openSUSE Tumbleweed:libuwac0-0-3.21.0-1.1 openSUSE Tumbleweed:libwinpr3-3-3.21.0-1.1 openSUSE Tumbleweed:rdtk0-devel-3.21.0-1.1 openSUSE Tumbleweed:uwac0-devel-3.21.0-1.1 openSUSE Tumbleweed:winpr-devel-3.21.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-23884.html CVE-2026-23884 https://bugzilla.suse.com/1256947 SUSE Bug 1256947