Security update for freerdp2 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:0449-1 Final 1 1 2026-02-11T14:53:55Z current 2026-02-11T14:53:55Z 2026-02-11T14:53:55Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for freerdp2 This update for freerdp2 fixes the following issues: - CVE-2026-22852: a malicious RDP server can trigger a heap-buffer-overflow in audin_process_formats (bsc#1256718). - CVE-2026-22854: server-controlled read length is used to read file data into an IRP output can cause heap-buffer-overflow in drive_process_irp_read (bsc#1256720). - CVE-2026-22856: race condition in the serial channel IRP thread tracking can cause heap-use-after-free in create_irp_thread(bsc#1256722). - CVE-2026-22859: improper bound check can lead to heap-buffer-overflow in urb_select_configuration (bsc#1256725). - CVE-2026-23530: improper validation can lead to heap buffer overflow in `planar_decompress_plane_rle` (bsc#1256940). - CVE-2026-23531: improper validation in `clear_decompress` can lead to heap buffer overflow (bsc#1256941). - CVE-2026-23532: mismatch between destination rectangle clamping and the actual copy size can lead to a heap buffer overflow in `gdi_SurfaceToSurface` (bsc#1256942). - CVE-2026-23534: missing checks can lead to heap buffer overflow in `clear_decompress_bands_data` (bsc#1256944). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2026-449,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-449,SUSE-SLE-Product-WE-15-SP7-2026-449 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-20260449-1/ Link for SUSE-SU-2026:0449-1 https://lists.suse.com/pipermail/sle-security-updates/2026-February/024126.html E-Mail link for SUSE-SU-2026:0449-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1256718 SUSE Bug 1256718 https://bugzilla.suse.com/1256720 SUSE Bug 1256720 https://bugzilla.suse.com/1256722 SUSE Bug 1256722 https://bugzilla.suse.com/1256725 SUSE Bug 1256725 https://bugzilla.suse.com/1256940 SUSE Bug 1256940 https://bugzilla.suse.com/1256941 SUSE Bug 1256941 https://bugzilla.suse.com/1256942 SUSE Bug 1256942 https://bugzilla.suse.com/1256944 SUSE Bug 1256944 https://www.suse.com/security/cve/CVE-2026-22852/ SUSE CVE CVE-2026-22852 page https://www.suse.com/security/cve/CVE-2026-22854/ SUSE CVE CVE-2026-22854 page https://www.suse.com/security/cve/CVE-2026-22856/ SUSE CVE CVE-2026-22856 page https://www.suse.com/security/cve/CVE-2026-22859/ SUSE CVE CVE-2026-22859 page https://www.suse.com/security/cve/CVE-2026-23530/ SUSE CVE CVE-2026-23530 page https://www.suse.com/security/cve/CVE-2026-23531/ SUSE CVE CVE-2026-23531 page https://www.suse.com/security/cve/CVE-2026-23532/ SUSE CVE CVE-2026-23532 page https://www.suse.com/security/cve/CVE-2026-23534/ SUSE CVE CVE-2026-23534 page SUSE Linux Enterprise Module for Package Hub 15 SP7 SUSE Linux Enterprise Workstation Extension 15 SP7 freerdp2-2.11.7-150700.3.3.1 freerdp2-devel-2.11.7-150700.3.3.1 freerdp2-proxy-2.11.7-150700.3.3.1 freerdp2-server-2.11.7-150700.3.3.1 libfreerdp2-2-2.11.7-150700.3.3.1 libwinpr2-2-2.11.7-150700.3.3.1 winpr2-devel-2.11.7-150700.3.3.1 winpr2-devel-2.11.7-150700.3.3.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 freerdp2-2.11.7-150700.3.3.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 freerdp2-devel-2.11.7-150700.3.3.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 freerdp2-proxy-2.11.7-150700.3.3.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 freerdp2-server-2.11.7-150700.3.3.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 libfreerdp2-2-2.11.7-150700.3.3.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 libwinpr2-2-2.11.7-150700.3.3.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 winpr2-devel-2.11.7-150700.3.3.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client when processing Audio Input (AUDIN) format lists. audin_process_formats reuses callback->formats_count across multiple MSG_SNDIN_FORMATS PDUs and writes past the newly allocated formats array, causing memory corruption and a crash. This vulnerability is fixed in 3.20.1. CVE-2026-22852 SUSE Linux Enterprise Module for Package Hub 15 SP7:winpr2-devel-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp2-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp2-devel-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp2-proxy-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp2-server-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp2-2-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr2-2-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:winpr2-devel-2.11.7-150700.3.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260449-1/ https://www.suse.com/security/cve/CVE-2026-22852.html CVE-2026-22852 https://bugzilla.suse.com/1256718 SUSE Bug 1256718 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to overwrite heap memory. This vulnerability is fixed in 3.20.1. CVE-2026-22854 SUSE Linux Enterprise Module for Package Hub 15 SP7:winpr2-devel-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp2-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp2-devel-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp2-proxy-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp2-server-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp2-2-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr2-2-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:winpr2-devel-2.11.7-150700.3.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260449-1/ https://www.suse.com/security/cve/CVE-2026-22854.html CVE-2026-22854 https://bugzilla.suse.com/1256720 SUSE Bug 1256720 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a heap use-after-free when one thread removes an entry from serial->IrpThreads while another reads it. This vulnerability is fixed in 3.20.1. CVE-2026-22856 SUSE Linux Enterprise Module for Package Hub 15 SP7:winpr2-devel-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp2-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp2-devel-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp2-proxy-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp2-server-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp2-2-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr2-2-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:winpr2-devel-2.11.7-150700.3.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260449-1/ https://www.suse.com/security/cve/CVE-2026-22856.html CVE-2026-22856 https://bugzilla.suse.com/1256722 SUSE Bug 1256722 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, the URBDRC client does not perform bounds checking on server-supplied MSUSB_INTERFACE_DESCRIPTOR values and uses them as indices in libusb_udev_complete_msconfig_setup, causing an out-of-bounds read. This vulnerability is fixed in 3.20.1. CVE-2026-22859 SUSE Linux Enterprise Module for Package Hub 15 SP7:winpr2-devel-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp2-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp2-devel-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp2-proxy-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp2-server-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp2-2-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr2-2-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:winpr2-devel-2.11.7-150700.3.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260449-1/ https://www.suse.com/security/cve/CVE-2026-22859.html CVE-2026-22859 https://bugzilla.suse.com/1256725 SUSE Bug 1256725 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0,`freerdp_bitmap_decompress_planar` does not validate `nSrcWidth`/`nSrcHeight` against `planar->maxWidth`/`maxHeight` before RLE decode. A malicious server can trigger a client-side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code-execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue. CVE-2026-23530 SUSE Linux Enterprise Module for Package Hub 15 SP7:winpr2-devel-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp2-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp2-devel-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp2-proxy-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp2-server-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp2-2-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr2-2-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:winpr2-devel-2.11.7-150700.3.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260449-1/ https://www.suse.com/security/cve/CVE-2026-23530.html CVE-2026-23530 https://bugzilla.suse.com/1256940 SUSE Bug 1256940 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, in ClearCodec, when `glyphData` is present, `clear_decompress` calls `freerdp_image_copy_no_overlap` without validating the destination rectangle, allowing an out-of-bounds read/write via crafted RDPGFX surface updates. A malicious server can trigger a client-side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code-execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue. CVE-2026-23531 SUSE Linux Enterprise Module for Package Hub 15 SP7:winpr2-devel-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp2-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp2-devel-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp2-proxy-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp2-server-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp2-2-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr2-2-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:winpr2-devel-2.11.7-150700.3.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260449-1/ https://www.suse.com/security/cve/CVE-2026-23531.html CVE-2026-23531 https://bugzilla.suse.com/1256941 SUSE Bug 1256941 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the FreeRDP client's `gdi_SurfaceToSurface` path due to a mismatch between destination rectangle clamping and the actual copy size. A malicious server can trigger a client-side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code-execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue. CVE-2026-23532 SUSE Linux Enterprise Module for Package Hub 15 SP7:winpr2-devel-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp2-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp2-devel-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp2-proxy-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp2-server-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp2-2-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr2-2-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:winpr2-devel-2.11.7-150700.3.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260449-1/ https://www.suse.com/security/cve/CVE-2026-23532.html CVE-2026-23532 https://bugzilla.suse.com/1256942 SUSE Bug 1256942 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the ClearCodec bands decode path when crafted band coordinates allow writes past the end of the destination surface buffer. A malicious server can trigger a client-side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code-execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue. CVE-2026-23534 SUSE Linux Enterprise Module for Package Hub 15 SP7:winpr2-devel-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp2-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp2-devel-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp2-proxy-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp2-server-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp2-2-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr2-2-2.11.7-150700.3.3.1 SUSE Linux Enterprise Workstation Extension 15 SP7:winpr2-devel-2.11.7-150700.3.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260449-1/ https://www.suse.com/security/cve/CVE-2026-23534.html CVE-2026-23534 https://bugzilla.suse.com/1256944 SUSE Bug 1256944