RHSA-2026:16485
Vulnerability from csaf_redhat - Published: 2026-05-12 23:28 - Updated: 2026-05-13 09:44Summary
Red Hat Security Advisory: freerdp security update
Severity
Moderate
Notes
Topic: An update for freerdp is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.
Security Fix(es):
* freerdp: FreeRDP: Denial of service due to use-after-free vulnerability (CVE-2026-25952)
* freerdp: FreeRDP: Denial of Service via double free vulnerability during disconnect (CVE-2026-26986)
* freerdp: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity (CVE-2026-27951)
* freerdp: FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId (CVE-2026-29775)
* freerdp: FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds checks (CVE-2026-31885)
* freerdp: FreeRDP has a division-by-zero in ADPCM decoders when `nBlockAlign` is 0 (CVE-2026-31884)
* freerdp: FreeRDP: Denial of Service via crafted audio data in RDP (CVE-2026-31883)
* FreeRDP: FreeRDP: Information disclosure via heap memory out of bounds read (CVE-2026-33985)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in FreeRDP. A remote attacker could exploit a use-after-free vulnerability in the `xf_SetWindowMinMaxInfo` function. This occurs when a freed window pointer is dereferenced because the main thread concurrently deletes a window while the Remote Desktop Protocol (RAIL) channel thread is still using the pointer. This flaw can lead to a denial of service.
6.4 (Medium)
Affected products
Fixed
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. This double free vulnerability occurs during the cleanup process when a remote desktop session disconnects. Specifically, if a title allocation fails, a pointer to an application window is freed but not removed from a tracking table. Later, during disconnection, the same pointer is freed again, which can lead to a crash and result in a denial of service.
5.3 (Medium)
Affected products
Fixed
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. The `Stream_EnsureCapacity` function can create an endless blocking loop, leading to a Denial of Service (DoS). This vulnerability can be exploited on 32-bit systems where the available physical memory is greater than or equal to the `SIZE_MAX` variable, potentially affecting both client and server implementations using FreeRDP.
5.9 (Medium)
Affected products
Fixed
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A heap based buffer overflow flaw has been discovered in FreeRDP. This client-side heap out-of-bounds read/write occurs in FreeRDP's bitmap cache subsystem due to an off-by-one boundary check in bitmap_cache_put. A malicious server can send a CACHE_BITMAP_ORDER (Rev1) with cacheId equal to maxCells, bypassing the guard and accessing cells[] one element past the allocated array. A malicious server can trigger a client-side heap out-of-bounds access (READ of 4 bytes, followed by potential WRITE of a pointer) on the bitmap cache cells array, causing a crash (DoS) and heap corruption. The off-by-one accesses cells[maxCells] which reads from and writes to adjacent heap memory, potentially enabling pointer overwrite for code execution depending on heap layout.
5.3 (Medium)
Affected products
Fixed
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol (RDP). A remote attacker can exploit a size_t underflow vulnerability in the IMA-ADPCM and MS-ADPCM audio decoders by sending specially crafted audio data over the RDPSND audio channel. This underflow leads to a heap-buffer-overflow write, which can result in a denial of service for the FreeRDP client.
7.3 (High)
Affected products
Fixed
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A division by zero flaw has been discovered in FreeRDP. This division by zero exists in the MS-ADPCM and IMA-ADPCM decoders when nBlockAlign is 0, leading to a crash. In libfreerdp/codec/dsp.c, both ADPCM decoders use size % block_size where block_size = context->common.format.nBlockAlign. The nBlockAlign value comes from the Server Audio Formats PDU on the RDPSND channel. The value 0 is not validated anywhere before reaching the decoder. When nBlockAlign = 0, the modulo operation causes a SIGFPE (floating point exception) crash.
6.5 (Medium)
Affected products
Fixed
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
An out of bounds read flaw has been discovered in FreeRDP. This out-of-bounds read exists in the MS-ADPCM and IMA-ADPCM decoders due to unchecked predictor and step_index values from input data. An attacker may be able to leverage this weakness to leak global data.
6.5 (Medium)
Affected products
Fixed
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A remote attacker could exploit a vulnerability where pixel data from adjacent heap memory is rendered to the screen. This can lead to the disclosure of sensitive data to the attacker.
5.3 (Medium)
Affected products
Fixed
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
72 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for freerdp is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.\n\nSecurity Fix(es):\n\n* freerdp: FreeRDP: Denial of service due to use-after-free vulnerability (CVE-2026-25952)\n\n* freerdp: FreeRDP: Denial of Service via double free vulnerability during disconnect (CVE-2026-26986)\n\n* freerdp: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity (CVE-2026-27951)\n\n* freerdp: FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId (CVE-2026-29775)\n\n* freerdp: FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds checks (CVE-2026-31885)\n\n* freerdp: FreeRDP has a division-by-zero in ADPCM decoders when `nBlockAlign` is 0 (CVE-2026-31884)\n\n* freerdp: FreeRDP: Denial of Service via crafted audio data in RDP (CVE-2026-31883)\n\n* FreeRDP: FreeRDP: Information disclosure via heap memory out of bounds read (CVE-2026-33985)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:16485",
"url": "https://access.redhat.com/errata/RHSA-2026:16485"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2442768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442768"
},
{
"category": "external",
"summary": "2442782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442782"
},
{
"category": "external",
"summary": "2442783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442783"
},
{
"category": "external",
"summary": "2447379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447379"
},
{
"category": "external",
"summary": "2447383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447383"
},
{
"category": "external",
"summary": "2447385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447385"
},
{
"category": "external",
"summary": "2447386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447386"
},
{
"category": "external",
"summary": "2453217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453217"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_16485.json"
}
],
"title": "Red Hat Security Advisory: freerdp security update",
"tracking": {
"current_release_date": "2026-05-13T09:44:44+00:00",
"generator": {
"date": "2026-05-13T09:44:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.9"
}
},
"id": "RHSA-2026:16485",
"initial_release_date": "2026-05-12T23:28:02+00:00",
"revision_history": [
{
"date": "2026-05-12T23:28:02+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-12T23:28:02+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-13T09:44:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.0::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "freerdp-2:2.4.1-3.el9_0.7.x86_64",
"product": {
"name": "freerdp-2:2.4.1-3.el9_0.7.x86_64",
"product_id": "freerdp-2:2.4.1-3.el9_0.7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/freerdp@2.4.1-3.el9_0.7?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "freerdp-libs-2:2.4.1-3.el9_0.7.x86_64",
"product": {
"name": "freerdp-libs-2:2.4.1-3.el9_0.7.x86_64",
"product_id": "freerdp-libs-2:2.4.1-3.el9_0.7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/freerdp-libs@2.4.1-3.el9_0.7?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libwinpr-2:2.4.1-3.el9_0.7.x86_64",
"product": {
"name": "libwinpr-2:2.4.1-3.el9_0.7.x86_64",
"product_id": "libwinpr-2:2.4.1-3.el9_0.7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwinpr@2.4.1-3.el9_0.7?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64",
"product": {
"name": "freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64",
"product_id": "freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/freerdp-debugsource@2.4.1-3.el9_0.7?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"product": {
"name": "freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"product_id": "freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/freerdp-debuginfo@2.4.1-3.el9_0.7?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"product": {
"name": "freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"product_id": "freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/freerdp-libs-debuginfo@2.4.1-3.el9_0.7?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"product": {
"name": "libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"product_id": "libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwinpr-debuginfo@2.4.1-3.el9_0.7?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "freerdp-libs-2:2.4.1-3.el9_0.7.i686",
"product": {
"name": "freerdp-libs-2:2.4.1-3.el9_0.7.i686",
"product_id": "freerdp-libs-2:2.4.1-3.el9_0.7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/freerdp-libs@2.4.1-3.el9_0.7?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libwinpr-2:2.4.1-3.el9_0.7.i686",
"product": {
"name": "libwinpr-2:2.4.1-3.el9_0.7.i686",
"product_id": "libwinpr-2:2.4.1-3.el9_0.7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwinpr@2.4.1-3.el9_0.7?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "freerdp-debugsource-2:2.4.1-3.el9_0.7.i686",
"product": {
"name": "freerdp-debugsource-2:2.4.1-3.el9_0.7.i686",
"product_id": "freerdp-debugsource-2:2.4.1-3.el9_0.7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/freerdp-debugsource@2.4.1-3.el9_0.7?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686",
"product": {
"name": "freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686",
"product_id": "freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/freerdp-debuginfo@2.4.1-3.el9_0.7?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686",
"product": {
"name": "freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686",
"product_id": "freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/freerdp-libs-debuginfo@2.4.1-3.el9_0.7?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686",
"product": {
"name": "libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686",
"product_id": "libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwinpr-debuginfo@2.4.1-3.el9_0.7?arch=i686\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "freerdp-2:2.4.1-3.el9_0.7.src",
"product": {
"name": "freerdp-2:2.4.1-3.el9_0.7.src",
"product_id": "freerdp-2:2.4.1-3.el9_0.7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/freerdp@2.4.1-3.el9_0.7?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "freerdp-2:2.4.1-3.el9_0.7.aarch64",
"product": {
"name": "freerdp-2:2.4.1-3.el9_0.7.aarch64",
"product_id": "freerdp-2:2.4.1-3.el9_0.7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/freerdp@2.4.1-3.el9_0.7?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "freerdp-libs-2:2.4.1-3.el9_0.7.aarch64",
"product": {
"name": "freerdp-libs-2:2.4.1-3.el9_0.7.aarch64",
"product_id": "freerdp-libs-2:2.4.1-3.el9_0.7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/freerdp-libs@2.4.1-3.el9_0.7?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libwinpr-2:2.4.1-3.el9_0.7.aarch64",
"product": {
"name": "libwinpr-2:2.4.1-3.el9_0.7.aarch64",
"product_id": "libwinpr-2:2.4.1-3.el9_0.7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwinpr@2.4.1-3.el9_0.7?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64",
"product": {
"name": "freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64",
"product_id": "freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/freerdp-debugsource@2.4.1-3.el9_0.7?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"product": {
"name": "freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"product_id": "freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/freerdp-debuginfo@2.4.1-3.el9_0.7?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"product": {
"name": "freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"product_id": "freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/freerdp-libs-debuginfo@2.4.1-3.el9_0.7?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"product": {
"name": "libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"product_id": "libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwinpr-debuginfo@2.4.1-3.el9_0.7?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "freerdp-2:2.4.1-3.el9_0.7.ppc64le",
"product": {
"name": "freerdp-2:2.4.1-3.el9_0.7.ppc64le",
"product_id": "freerdp-2:2.4.1-3.el9_0.7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/freerdp@2.4.1-3.el9_0.7?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le",
"product": {
"name": "freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le",
"product_id": "freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/freerdp-libs@2.4.1-3.el9_0.7?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libwinpr-2:2.4.1-3.el9_0.7.ppc64le",
"product": {
"name": "libwinpr-2:2.4.1-3.el9_0.7.ppc64le",
"product_id": "libwinpr-2:2.4.1-3.el9_0.7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwinpr@2.4.1-3.el9_0.7?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le",
"product": {
"name": "freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le",
"product_id": "freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/freerdp-debugsource@2.4.1-3.el9_0.7?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"product": {
"name": "freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"product_id": "freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/freerdp-debuginfo@2.4.1-3.el9_0.7?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"product": {
"name": "freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"product_id": "freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/freerdp-libs-debuginfo@2.4.1-3.el9_0.7?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"product": {
"name": "libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"product_id": "libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwinpr-debuginfo@2.4.1-3.el9_0.7?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "freerdp-2:2.4.1-3.el9_0.7.s390x",
"product": {
"name": "freerdp-2:2.4.1-3.el9_0.7.s390x",
"product_id": "freerdp-2:2.4.1-3.el9_0.7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/freerdp@2.4.1-3.el9_0.7?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "freerdp-libs-2:2.4.1-3.el9_0.7.s390x",
"product": {
"name": "freerdp-libs-2:2.4.1-3.el9_0.7.s390x",
"product_id": "freerdp-libs-2:2.4.1-3.el9_0.7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/freerdp-libs@2.4.1-3.el9_0.7?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libwinpr-2:2.4.1-3.el9_0.7.s390x",
"product": {
"name": "libwinpr-2:2.4.1-3.el9_0.7.s390x",
"product_id": "libwinpr-2:2.4.1-3.el9_0.7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwinpr@2.4.1-3.el9_0.7?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x",
"product": {
"name": "freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x",
"product_id": "freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/freerdp-debugsource@2.4.1-3.el9_0.7?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"product": {
"name": "freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"product_id": "freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/freerdp-debuginfo@2.4.1-3.el9_0.7?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"product": {
"name": "freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"product_id": "freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/freerdp-libs-debuginfo@2.4.1-3.el9_0.7?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"product": {
"name": "libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"product_id": "libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libwinpr-debuginfo@2.4.1-3.el9_0.7?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-2:2.4.1-3.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64"
},
"product_reference": "freerdp-2:2.4.1-3.el9_0.7.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-2:2.4.1-3.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le"
},
"product_reference": "freerdp-2:2.4.1-3.el9_0.7.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-2:2.4.1-3.el9_0.7.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x"
},
"product_reference": "freerdp-2:2.4.1-3.el9_0.7.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-2:2.4.1-3.el9_0.7.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src"
},
"product_reference": "freerdp-2:2.4.1-3.el9_0.7.src",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-2:2.4.1-3.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64"
},
"product_reference": "freerdp-2:2.4.1-3.el9_0.7.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64"
},
"product_reference": "freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686"
},
"product_reference": "freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le"
},
"product_reference": "freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x"
},
"product_reference": "freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64"
},
"product_reference": "freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64"
},
"product_reference": "freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-debugsource-2:2.4.1-3.el9_0.7.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686"
},
"product_reference": "freerdp-debugsource-2:2.4.1-3.el9_0.7.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le"
},
"product_reference": "freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x"
},
"product_reference": "freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64"
},
"product_reference": "freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-libs-2:2.4.1-3.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64"
},
"product_reference": "freerdp-libs-2:2.4.1-3.el9_0.7.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-libs-2:2.4.1-3.el9_0.7.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686"
},
"product_reference": "freerdp-libs-2:2.4.1-3.el9_0.7.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le"
},
"product_reference": "freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-libs-2:2.4.1-3.el9_0.7.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x"
},
"product_reference": "freerdp-libs-2:2.4.1-3.el9_0.7.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-libs-2:2.4.1-3.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64"
},
"product_reference": "freerdp-libs-2:2.4.1-3.el9_0.7.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64"
},
"product_reference": "freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686"
},
"product_reference": "freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le"
},
"product_reference": "freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x"
},
"product_reference": "freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64"
},
"product_reference": "freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwinpr-2:2.4.1-3.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64"
},
"product_reference": "libwinpr-2:2.4.1-3.el9_0.7.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwinpr-2:2.4.1-3.el9_0.7.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686"
},
"product_reference": "libwinpr-2:2.4.1-3.el9_0.7.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwinpr-2:2.4.1-3.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le"
},
"product_reference": "libwinpr-2:2.4.1-3.el9_0.7.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwinpr-2:2.4.1-3.el9_0.7.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x"
},
"product_reference": "libwinpr-2:2.4.1-3.el9_0.7.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwinpr-2:2.4.1-3.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64"
},
"product_reference": "libwinpr-2:2.4.1-3.el9_0.7.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64"
},
"product_reference": "libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686"
},
"product_reference": "libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le"
},
"product_reference": "libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x"
},
"product_reference": "libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64"
},
"product_reference": "libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25952",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2026-02-25T21:05:13.090191+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FreeRDP. A remote attacker could exploit a use-after-free vulnerability in the `xf_SetWindowMinMaxInfo` function. This occurs when a freed window pointer is dereferenced because the main thread concurrently deletes a window while the Remote Desktop Protocol (RAIL) channel thread is still using the pointer. This flaw can lead to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "freerdp: FreeRDP: Denial of service due to use-after-free vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25952"
},
{
"category": "external",
"summary": "RHBZ#2442768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25952",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25952"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25952",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25952"
},
{
"category": "external",
"summary": "https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_rail.c#L1167",
"url": "https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_rail.c#L1167"
},
{
"category": "external",
"summary": "https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_rail.c#L1174",
"url": "https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_rail.c#L1174"
},
{
"category": "external",
"summary": "https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_rail.c#L1178",
"url": "https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_rail.c#L1178"
},
{
"category": "external",
"summary": "https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_rail.c#L1230-L1238",
"url": "https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_rail.c#L1230-L1238"
},
{
"category": "external",
"summary": "https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_rail.c#L643",
"url": "https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_rail.c#L643"
},
{
"category": "external",
"summary": "https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_window.c#L1111",
"url": "https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_window.c#L1111"
},
{
"category": "external",
"summary": "https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_window.c#L1128",
"url": "https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_window.c#L1128"
},
{
"category": "external",
"summary": "https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_window.c#L1394",
"url": "https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_window.c#L1394"
},
{
"category": "external",
"summary": "https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_window.c#L1428",
"url": "https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_window.c#L1428"
},
{
"category": "external",
"summary": "https://github.com/FreeRDP/FreeRDP/commit/1994e9844212a6dfe0ff12309fef520e888986b5",
"url": "https://github.com/FreeRDP/FreeRDP/commit/1994e9844212a6dfe0ff12309fef520e888986b5"
},
{
"category": "external",
"summary": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgqm-cwjg-7w9x",
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgqm-cwjg-7w9x"
}
],
"release_date": "2026-02-25T20:24:07.396000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T23:28:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16485"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "freerdp: FreeRDP: Denial of service due to use-after-free vulnerability"
},
{
"cve": "CVE-2026-26986",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2026-02-25T22:01:48.196510+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. This double free vulnerability occurs during the cleanup process when a remote desktop session disconnects. Specifically, if a title allocation fails, a pointer to an application window is freed but not removed from a tracking table. Later, during disconnection, the same pointer is freed again, which can lead to a crash and result in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "freerdp: FreeRDP: Denial of Service via double free vulnerability during disconnect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26986"
},
{
"category": "external",
"summary": "RHBZ#2442782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26986"
},
{
"category": "external",
"summary": "https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_rail.c#L1230-L1238",
"url": "https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_rail.c#L1230-L1238"
},
{
"category": "external",
"summary": "https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_rail.c#L1297",
"url": "https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_rail.c#L1297"
},
{
"category": "external",
"summary": "https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_rail.c#L1316-L1327",
"url": "https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_rail.c#L1316-L1327"
},
{
"category": "external",
"summary": "https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_rail.c#L386-L394",
"url": "https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_rail.c#L386-L394"
},
{
"category": "external",
"summary": "https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_rail.c#L395-L399",
"url": "https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_rail.c#L395-L399"
},
{
"category": "external",
"summary": "https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_rail.c#L401-L404",
"url": "https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_rail.c#L401-L404"
},
{
"category": "external",
"summary": "https://github.com/FreeRDP/FreeRDP/commit/b4f0f0a18fe53aa8d47d062f91471f4e9c5e0d51",
"url": "https://github.com/FreeRDP/FreeRDP/commit/b4f0f0a18fe53aa8d47d062f91471f4e9c5e0d51"
},
{
"category": "external",
"summary": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-crqx-g6x5-rx47",
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-crqx-g6x5-rx47"
}
],
"release_date": "2026-02-25T21:01:16.916000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T23:28:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16485"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "freerdp: FreeRDP: Denial of Service via double free vulnerability during disconnect"
},
{
"cve": "CVE-2026-27951",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-02-25T22:01:53.244762+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442783"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. The `Stream_EnsureCapacity` function can create an endless blocking loop, leading to a Denial of Service (DoS). This vulnerability can be exploited on 32-bit systems where the available physical memory is greater than or equal to the `SIZE_MAX` variable, potentially affecting both client and server implementations using FreeRDP.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "freerdp: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27951"
},
{
"category": "external",
"summary": "RHBZ#2442783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442783"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27951",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27951"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27951",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27951"
},
{
"category": "external",
"summary": "https://github.com/FreeRDP/FreeRDP/commit/118afc0b954ba9d5632b7836ad24e454555ed113",
"url": "https://github.com/FreeRDP/FreeRDP/commit/118afc0b954ba9d5632b7836ad24e454555ed113"
},
{
"category": "external",
"summary": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qcfc-ghxr-h927",
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qcfc-ghxr-h927"
}
],
"release_date": "2026-02-25T21:07:30.828000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T23:28:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16485"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "freerdp: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity"
},
{
"cve": "CVE-2026-29775",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-03-13T18:03:02.976460+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447379"
}
],
"notes": [
{
"category": "description",
"text": "A heap based buffer overflow flaw has been discovered in FreeRDP. This client-side heap out-of-bounds read/write occurs in FreeRDP\u0027s bitmap cache subsystem due to an off-by-one boundary check in bitmap_cache_put. A malicious server can send a CACHE_BITMAP_ORDER (Rev1) with cacheId equal to maxCells, bypassing the guard and accessing cells[] one element past the allocated array. A malicious server can trigger a client-side heap out-of-bounds access (READ of 4 bytes, followed by potential WRITE of a pointer) on the bitmap cache cells array, causing a crash (DoS) and heap corruption. The off-by-one accesses cells[maxCells] which reads from and writes to adjacent heap memory, potentially enabling pointer overwrite for code execution depending on heap layout.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "freerdp: FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29775"
},
{
"category": "external",
"summary": "RHBZ#2447379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447379"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29775",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29775"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29775",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29775"
},
{
"category": "external",
"summary": "https://github.com/FreeRDP/FreeRDP/commit/ffad58fd2b329efd81a3239e9d7e3c927b8e503f",
"url": "https://github.com/FreeRDP/FreeRDP/commit/ffad58fd2b329efd81a3239e9d7e3c927b8e503f"
},
{
"category": "external",
"summary": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h666-rfw3-jhvj",
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h666-rfw3-jhvj"
}
],
"release_date": "2026-03-13T17:28:39.641000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T23:28:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16485"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "freerdp: FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId"
},
{
"cve": "CVE-2026-31883",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"discovery_date": "2026-03-13T18:03:27.048426+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol (RDP). A remote attacker can exploit a size_t underflow vulnerability in the IMA-ADPCM and MS-ADPCM audio decoders by sending specially crafted audio data over the RDPSND audio channel. This underflow leads to a heap-buffer-overflow write, which can result in a denial of service for the FreeRDP client.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "freerdp: FreeRDP: Denial of Service via crafted audio data in RDP",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has protection mechanisms in place, such as FORTIFY_SOURCE, Position Independent Executables or Stack Smashing Protection.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-31883"
},
{
"category": "external",
"summary": "RHBZ#2447386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-31883",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31883"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-31883",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31883"
},
{
"category": "external",
"summary": "https://github.com/FreeRDP/FreeRDP/commit/16df2300e1e3f5a51f68fb1626429e58b531b7c8",
"url": "https://github.com/FreeRDP/FreeRDP/commit/16df2300e1e3f5a51f68fb1626429e58b531b7c8"
},
{
"category": "external",
"summary": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-85x9-4xxp-xhm5",
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-85x9-4xxp-xhm5"
}
],
"release_date": "2026-03-13T17:35:17.411000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T23:28:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16485"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "freerdp: FreeRDP: Denial of Service via crafted audio data in RDP"
},
{
"cve": "CVE-2026-31884",
"cwe": {
"id": "CWE-369",
"name": "Divide By Zero"
},
"discovery_date": "2026-03-13T18:03:23.405449+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447385"
}
],
"notes": [
{
"category": "description",
"text": "A division by zero flaw has been discovered in FreeRDP. This division by zero exists in the MS-ADPCM and IMA-ADPCM decoders when nBlockAlign is 0, leading to a crash. In libfreerdp/codec/dsp.c, both ADPCM decoders use size % block_size where block_size = context-\u003ecommon.format.nBlockAlign. The nBlockAlign value comes from the Server Audio Formats PDU on the RDPSND channel. The value 0 is not validated anywhere before reaching the decoder. When nBlockAlign = 0, the modulo operation causes a SIGFPE (floating point exception) crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "freerdp: FreeRDP has a division-by-zero in ADPCM decoders when `nBlockAlign` is 0",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-31884"
},
{
"category": "external",
"summary": "RHBZ#2447385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447385"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-31884",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31884"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-31884",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31884"
},
{
"category": "external",
"summary": "https://github.com/FreeRDP/FreeRDP/commit/03b48b3601d867afccac1cdc6081de7a275edce7",
"url": "https://github.com/FreeRDP/FreeRDP/commit/03b48b3601d867afccac1cdc6081de7a275edce7"
},
{
"category": "external",
"summary": "https://github.com/FreeRDP/FreeRDP/commit/16df2300e1e3f5a51f68fb1626429e58b531b7c8",
"url": "https://github.com/FreeRDP/FreeRDP/commit/16df2300e1e3f5a51f68fb1626429e58b531b7c8"
},
{
"category": "external",
"summary": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-jp7m-94ww-p56r",
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-jp7m-94ww-p56r"
}
],
"release_date": "2026-03-13T17:36:57.722000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T23:28:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16485"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "freerdp: FreeRDP has a division-by-zero in ADPCM decoders when `nBlockAlign` is 0"
},
{
"cve": "CVE-2026-31885",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-03-13T18:03:16.679482+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447383"
}
],
"notes": [
{
"category": "description",
"text": "An out of bounds read flaw has been discovered in FreeRDP. This out-of-bounds read exists in the MS-ADPCM and IMA-ADPCM decoders due to unchecked predictor and step_index values from input data. An attacker may be able to leverage this weakness to leak global data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "freerdp: FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds checks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-31885"
},
{
"category": "external",
"summary": "RHBZ#2447383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-31885",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31885"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-31885",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31885"
},
{
"category": "external",
"summary": "https://github.com/FreeRDP/FreeRDP/commit/16df2300e1e3f5a51f68fb1626429e58b531b7c8",
"url": "https://github.com/FreeRDP/FreeRDP/commit/16df2300e1e3f5a51f68fb1626429e58b531b7c8"
},
{
"category": "external",
"summary": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h23r-3988-3wf3",
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h23r-3988-3wf3"
}
],
"release_date": "2026-03-13T17:38:23.756000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T23:28:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16485"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "freerdp: FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds checks"
},
{
"cve": "CVE-2026-33985",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-03-30T22:01:15.992626+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453217"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A remote attacker could exploit a vulnerability where pixel data from adjacent heap memory is rendered to the screen. This can lead to the disclosure of sensitive data to the attacker.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "FreeRDP: FreeRDP: Information disclosure via heap memory out of bounds read",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33985"
},
{
"category": "external",
"summary": "RHBZ#2453217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453217"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33985",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33985"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33985",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33985"
},
{
"category": "external",
"summary": "https://github.com/FreeRDP/FreeRDP/commit/c49d1ad43b8c7b32794d0250f2623c2dccd7ef25",
"url": "https://github.com/FreeRDP/FreeRDP/commit/c49d1ad43b8c7b32794d0250f2623c2dccd7ef25"
},
{
"category": "external",
"summary": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x6gr-8p7h-5h85",
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x6gr-8p7h-5h85"
}
],
"release_date": "2026-03-30T21:43:13.335000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T23:28:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16485"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:freerdp-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-debugsource-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:freerdp-libs-debuginfo-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-2:2.4.1-3.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libwinpr-debuginfo-2:2.4.1-3.el9_0.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "FreeRDP: FreeRDP: Information disclosure via heap memory out of bounds read"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…