{"id":"RLSA-2026:6918","summary":"Important: freerdp security update","details":"FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.\n\nSecurity Fix(es):\n\n* freerdp: FreeRDP heap-use-after-free (CVE-2026-22856)\n\n* freerdp: FreeRDP heap-buffer-overflow (CVE-2026-22854)\n\n* freerdp: FreeRDP heap-buffer-overflow (CVE-2026-22852)\n\n* freerdp: FreeRDP: Denial of Service via FastGlyph parsing buffer overflow (CVE-2026-23732)\n\n* freerdp: FreeRDP: Denial of Service via use-after-free in AUDIN format renegotiation (CVE-2026-24676)\n\n* freerdp: FreeRDP has a heap-use-after-free in video_timer (CVE-2026-24491)\n\n* freerdp: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2() (CVE-2026-23948)\n\n* freerdp: FreeRDP has a Heap-use-after-free in play_thread (CVE-2026-24684)\n\n* freerdp: FreeRDP has a heap-use-after-free in urb_bulk_transfer_cb (CVE-2026-24681)\n\n* freerdp: FreeRDP has a heap-use-after-free in ainput_send_input_event (CVE-2026-24683)\n\n* freerdp: FreeRDP has a heap-buffer-overflow in urb_select_interface (CVE-2026-24679)\n\n* freerdp: FreeRDP has a Heap-use-after-free in urb_select_interface (CVE-2026-24675)\n\n* freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages (CVE-2026-31806)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","modified":"2026-04-09T06:32:42.150180Z","published":"2026-04-09T06:02:21.819616Z","upstream":["CVE-2026-22852","CVE-2026-22854","CVE-2026-22856","CVE-2026-23732","CVE-2026-23948","CVE-2026-24491","CVE-2026-24675","CVE-2026-24676","CVE-2026-24679","CVE-2026-24681","CVE-2026-24683","CVE-2026-24684","CVE-2026-31806"],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:6918"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2429650"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2429652"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2429654"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430881"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438201"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438202"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438207"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438208"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438210"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438216"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438217"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438221"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2447376"}],"affected":[{"package":{"name":"freerdp","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/freerdp?distro=rocky-linux-8&epoch=2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:2.11.7-6.el8_10"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2026:6918.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]}