Synopsis:
freerdp security update
Summary:
An update for freerdp is now available for openEuler-24.03-LTS
Description:
FreeRDP is a client implementation of the Remote Desktop Protocol (RDP) that follows Microsoft's open specifications. This package provides the client applications xfreerdp.
Security Fix(es):
A malicious server can trigger a client-side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code-execution risk depending on allocator behavior and surrounding heap layout. (CVE-2026-22852)
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.1, a heap out-of-bounds read occurs in the smartcard SetAttrib path when the cbAttrLen parameter does not match the actual NDR (Network Data Representation) buffer length. An attacker could potentially exploit this vulnerability to read sensitive information from process memory or cause the application to crash. (CVE-2026-22855)
A malicious server can trigger a client-side use after free, causing a crash (DoS) and potential heap corruption with code-execution risk depending on allocator behavior and surrounding heap layout. (CVE-2026-22856)
A malicious server can trigger a client-side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code-execution risk depending on allocator behavior and surrounding heap layout. The vulnerability exists in the irp_thread_func function. (CVE-2026-22857)
A malicious server can trigger a client-side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code-execution risk depending on allocator behavior and surrounding heap layout. (CVE-2026-22859)
A heap-based buffer overflow vulnerability exists in FreeRDP within the planar_decompress_plane_rle function, which may lead to memory corruption and arbitrary code execution. (CVE-2026-23530)
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 3.21.0, a heap buffer overflow...
Package version: 2.11.8-1.oe2403
Exploitability: AV:N, AC:L, PR:N, UI:N
Score: 8.7
Vector: CVSS:3.1/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
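The length check whose absence CVE-2026-22855 describes, shown as an added example (it is not FreeRDP code and not part of the advisory). The wire layout, the function name `parse_set_attrib`, the status codes and the sample messages are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout for illustration (NOT FreeRDP's actual wire format):
 *   uint32 cbAttrLen  - length the sender claims for the attribute
 *   uint32 ndrCount   - element count carried by the NDR conformant array
 *   uint8  data[ndrCount]
 * All integers are little-endian. */
enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_LEN_MISMATCH = -2, PARSE_TOO_LARGE = -3 };

static uint32_t rd_u32le(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Copies the attribute into out only when every declared length agrees
 * with the bytes that were actually received. */
int parse_set_attrib(const uint8_t *buf, size_t len,
                     uint8_t *out, size_t out_cap, size_t *out_len)
{
    if (len < 8)
        return PARSE_TRUNCATED;           /* header itself is incomplete */
    uint32_t cbAttrLen = rd_u32le(buf);
    uint32_t ndrCount = rd_u32le(buf + 4);

    if (ndrCount > len - 8)
        return PARSE_TRUNCATED;           /* array claims more than was sent */
    if (cbAttrLen != ndrCount)
        return PARSE_LEN_MISMATCH;        /* the mismatch the CVE text describes */
    if (cbAttrLen > out_cap)
        return PARSE_TOO_LARGE;           /* would overflow the destination */
    memcpy(out, buf + 8, cbAttrLen);
    *out_len = cbAttrLen;
    return PARSE_OK;
}

/* Constructed samples: a consistent message, and one whose cbAttrLen (0x40)
 * is larger than the 4 bytes the array actually carries. */
static const uint8_t SAMPLE_OK[]  = {4, 0, 0, 0, 4, 0, 0, 0, 0xde, 0xad, 0xbe, 0xef};
static const uint8_t SAMPLE_LIE[] = {0x40, 0, 0, 0, 4, 0, 0, 0, 1, 2, 3, 4};

int main(void)
{
    uint8_t out[16]; size_t n = 0;
    printf("consistent: %d\n", parse_set_attrib(SAMPLE_OK, sizeof SAMPLE_OK, out, sizeof out, &n));
    printf("mismatch:   %d\n", parse_set_attrib(SAMPLE_LIE, sizeof SAMPLE_LIE, out, sizeof out, &n));
    return 0;
}
```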