{"id":"MGASA-2026-0046","summary":"Updated freerdp packages fix security vulnerabilities","details":"FreeRDP has heap-buffer-overflow in planar_decompress_plane_rle.\n(CVE-2026-23530)\nFreeRDP has heap-buffer-overflow in clear_decompress. (CVE-2026-23531)\nFreeRDP has heap-buffer-overflow in gdi_SurfaceToSurface.\n(CVE-2026-23532)\nFreeRDP has heap-buffer-overflow in clear_decompress_residual_data.\n(CVE-2026-23533)\nFreeRDP has heap-buffer-overflow in clear_decompress_bands_data.\n(CVE-2026-23534)\nFreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2().\n(CVE-2026-23948)\nFreeRDP has a heap-use-after-free in video_timer. (CVE-2026-24491)\nFreeRDP has a Heap-use-after-free in urb_select_interface.\n(CVE-2026-24675)\nFreeRDP has a heap-use-after-free in audio_format_compatible.\n(CVE-2026-24676)\nFreeRDP has a heap-buffer-overflow in ecam_encoder_compress_h264.\n(CVE-2026-24677)\nFreeRDP has a Heap-use-after-free in cam_v4l_stream_capture_thread.\n(CVE-2026-24678)\nFreeRDP has a heap-buffer-overflow in urb_select_interface.\n(CVE-2026-24679)\nFreeRDP has a heap-use-after-free in update_pointer_new(SDL).\n(CVE-2026-24680)\nFreeRDP has a heap-use-after-free in urb_bulk_transfer_cb.\n(CVE-2026-24681)\nFreeRDP has a Heap-buffer-overflow in audio_formats_free.\n(CVE-2026-24682)\nFreeRDP has a heap-use-after-free in ainput_send_input_event.\n(CVE-2026-24683)\nFreeRDP has a Heap-use-after-free in play_thread. (CVE-2026-24684)\n","modified":"2026-04-16T00:09:45.888578637Z","published":"2026-02-22T00:53:38Z","upstream":["CVE-2026-23530","CVE-2026-23531","CVE-2026-23532","CVE-2026-23533","CVE-2026-23534","CVE-2026-23948","CVE-2026-24491","CVE-2026-24675","CVE-2026-24676","CVE-2026-24677","CVE-2026-24678","CVE-2026-24679","CVE-2026-24680","CVE-2026-24681","CVE-2026-24682","CVE-2026-24683","CVE-2026-24684"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2026-0046.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=35038"},{"type":"WEB","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/3PECP75D65BGMOXX4VA6VFZW5A365UOB/"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2026/02/09/8"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2026/02/10/1"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8004-1"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8042-1"}],"affected":[{"package":{"name":"freerdp","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/freerdp?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.11.7-1.2.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2026-0046.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}