This update for freerdp2 fixes the following issues:
- CVE-2026-22852: a malicious RDP server can trigger a heap-buffer-overflow in audin_process_formats (bsc#1256718).
- CVE-2026-22854: server-controlled read length is used to read file data into an IRP output can cause
heap-buffer-overflow in drive_process_irp_read (bsc#1256720).
- CVE-2026-22856: race condition in the serial channel IRP thread tracking can cause heap-use-after-free
in create_irp_thread(bsc#1256722).
- CVE-2026-22859: improper bound check can lead to heap-buffer-overflow in urb_select_configuration (bsc#1256725).
- CVE-2026-23530: improper validation can lead to heap buffer overflow in
planar_decompress_plane_rle (bsc#1256940).
- CVE-2026-23531: improper validation in
clear_decompress can lead to heap buffer overflow (bsc#1256941).
- CVE-2026-23532: mismatch between destination rectangle clamping and the actual copy size can lead to a heap buffer
overflow in
gdi_SurfaceToSurface (bsc#1256942).
- CVE-2026-23534: missing checks can lead to heap buffer overflow in
clear_decompress_bands_data (bsc#1256944).