UbuntuUpdates.org

Package "freerdp3"

Name: freerdp3

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • Free Remote Desktop Protocol library (client library)
  • Free Remote Desktop Protocol library (server library)
  • Free Remote Desktop Protocol library (core library)
  • Windows Portable Runtime Tools library

Latest version: 3.5.1+dfsg1-0ubuntu1.4
Release: noble (24.04)
Level: updates
Repository: main

Other versions of "freerdp3" in Noble

Repository Area Version
base universe 3.5.0+dfsg1-0ubuntu1
base main 3.5.0+dfsg1-0ubuntu1
security main 3.5.1+dfsg1-0ubuntu1.4
security universe 3.5.1+dfsg1-0ubuntu1.4
updates universe 3.5.1+dfsg1-0ubuntu1.4

Changelog

Version: 3.5.1+dfsg1-0ubuntu1.4 2026-03-19 04:07:59 UTC

  freerdp3 (3.5.1+dfsg1-0ubuntu1.4) noble-security; urgency=medium

  * SECURITY UPDATE: use-after-free via race condition
    - debian/patches/CVE-2026-22851-pre1.patch: replace std::lock_guard
      with std::scoped_lock in client/SDL/dialogs/sdl_dialogs.cpp,
      client/SDL/sdl_freerdp.cpp,
      server/proxy/modules/dyn-channel-dump/dyn-channel-dump.cpp.
    - debian/patches/CVE-2026-22851.patch: lock primary while used in
      client/SDL/sdl_freerdp.cpp.
    - CVE-2026-22851
  * SECURITY UPDATE: heap-buffer-overflow via Audio Input format lists
    - debian/patches/CVE-2026-22852.patch: free up old audio formats in
      channels/audin/client/audin_main.c.
    - CVE-2026-22852
  * SECURITY UPDATE: heap-buffer-overflow in drive read
    - debian/patches/CVE-2026-22854.patch: fix constant type in
      channels/drive/client/drive_main.c.
    - CVE-2026-22854
  * SECURITY UPDATE: heap OOB read in the smartcard SetAttrib path
    - debian/patches/CVE-2026-22855.patch: add length validity checks in
      libfreerdp/utils/smartcard_pack.c.
    - CVE-2026-22855
  * SECURITY UPDATE: race in the serial channel IRP thread tracking
    - debian/patches/CVE-2026-22856-pre1.patch: fix IrpThread handling in
      channels/serial/client/serial_main.c.
    - debian/patches/CVE-2026-22856-1.patch: lock list dictionary in
      channels/serial/client/serial_main.c.
    - debian/patches/CVE-2026-22856-2.patch: explicitly lock
      serial->IrpThreads in channels/serial/client/serial_main.c.
    - CVE-2026-22856
  * SECURITY UPDATE: heap use-after-free in irp_thread_func
    - debian/patches/CVE-2026-22857.patch: fix use after free in
      channels/serial/client/serial_main.c.
    - CVE-2026-22857
  * SECURITY UPDATE: global-buffer-overflow in Base64 decoding
    - debian/patches/CVE-2026-22858-1.patch: ensure char is singend in
      libfreerdp/crypto/base64.c.
    - debian/patches/CVE-2026-22858-2.patch: do proper length checks in
      libfreerdp/crypto/base64.c.
    - CVE-2026-22858
  * SECURITY UPDATE: OOB read via MSUSB_INTERFACE_DESCRIPTOR values
    - debian/patches/CVE-2026-22859.patch: check interface indices before
      use in channels/urbdrc/client/data_transfer.c,
      channels/urbdrc/client/libusb/libusb_udevice.c,
      channels/urbdrc/client/libusb/libusb_udevice.c.
    - CVE-2026-22859
  * SECURITY UPDATE: heap buffer overflow in RLE decode
    - debian/patches/CVE-2026-23530.patch: fix decoder length checks in
      libfreerdp/codec/planar.c.
    - CVE-2026-23530
  * SECURITY UPDATE: OOB read/write via crafted RDPGFX surface updates
    - debian/patches/CVE-2026-23531-1.patch: fix missing length checks in
      libfreerdp/codec/clear.c.
    - debian/patches/CVE-2026-23531-2.patch: check clear_decompress
      glyphData in libfreerdp/codec/clear.c.
    - CVE-2026-23531
  * SECURITY UPDATE: client-side heap overflow in gdi_SurfaceToSurface
    - debian/patches/CVE-2026-23532.patch: properly clamp SurfaceToSurface
      in libfreerdp/gdi/gfx.c.
    - CVE-2026-23532
  * SECURITY UPDATE: client-side heap overflow in RDPGFX ClearCodec
    - debian/patches/CVE-2026-23533.patch: fix clear_resize_buffer checks
      in libfreerdp/codec/clear.c.
    - CVE-2026-23533
  * SECURITY UPDATE: client-side heap overflow in ClearCodec bands decode
    - debian/patches/CVE-2026-23534.patch: fix off by one length check in
      libfreerdp/codec/clear.c.
    - CVE-2026-23534
  * SECURITY UPDATE: overflow in FastGlyph parsing
    - debian/patches/CVE-2026-23732.patch: add freerdp_glyph_convert_ex in
      include/freerdp/codec/color.h, libfreerdp/codec/color.c.
    - debian/libfreerdp3-3.symbols: added new symbol.
    - CVE-2026-23732
  * SECURITY UPDATE: client‑side use after free via invalid Pointer
    - debian/patches/CVE-2026-23883.patch: fix double free in case of
      invalid pointer in client/X11/xf_graphics.c.
    - CVE-2026-23883
  * SECURITY UPDATE: client-side UaF via offscreen bitmap deletion
    - debian/patches/CVE-2026-23884.patch: invalidate bitmap before free in
      libfreerdp/cache/offscreen.c.
    - CVE-2026-23884
  * SECURITY UPDATE: OOB read in RDPGFX channel
    - debian/patches/CVE-2026-25941.patch: check available stream length in
      channels/rdpgfx/client/rdpgfx_main.c.
    - CVE-2026-25941
  * SECURITY UPDATE: OOB read via execResult value
    - debian/patches/CVE-2026-25942.patch: stringify functions for RAILS in
      client/X11/xf_rail.c.
    - CVE-2026-25942
  * SECURITY UPDATE: multiple window issues
    - debian/patches/CVE-2026-25952_3_4.patch: lock appWindow in
      client/X11/xf_event.c, client/X11/xf_graphics.c,
      client/X11/xf_rail.c, client/X11/xf_rail.h, client/X11/xf_window.c,
      client/X11/xf_window.h.
    - CVE-2026-25952
    - CVE-2026-25953
    - CVE-2026-25954
  * SECURITY UPDATE: use after free RDPGFX surface buffer
    - debian/patches/CVE-2026-25955.patch: destroy XImage on window unmap
      in client/X11/xf_gfx.c, client/X11/xf_window.c,
      client/X11/xf_window.h.
    - CVE-2026-25955
  * SECURITY UPDATE: use after free in xf_cliprdr_provide_data_
    - debian/patches/CVE-2026-25959.patch: lock cache when providing data
      in client/X11/xf_cliprdr.c.
    - CVE-2026-25959
  * SECURITY UPDATE: use after free in xf_clipboard_format_equal
    - debian/patches/CVE-2026-25997.patch: fix clipboard update in
      client/X11/xf_cliprdr.c.
    - CVE-2026-25997
  * SECURITY UPDATE: buffer overread in freerdp_image_copy_from_icon_data()
    - debian/patches/CVE-2026-26271.patch: fix input length checks in
      libfreerdp/codec/color.c.
    - CVE-2026-26271
  * SECURITY UPDATE: heap buffer overflow in GDI surface pipeline
    - debian/patches/CVE-2026-26955.patch: fix destination checks in
      libfreerdp/codec/clear.c.
    - CVE-2026-26955
  * SECURITY UPDATE: OOB write in RLE planar decode path
    - debian/patches/CVE-2026-26965.patch: fix missing destination bounds
      checks in libfreerdp/codec/planar.c.
    - CVE-2026-26965
  * SE

CVE-2026-22851 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race condition between the RDPGFX dynamic virtual channel thread
CVE-2026-22852 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a malicious RDP server can trigger a heap-buffer-overflow write in
CVE-2026-22854 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlle
CVE-2026-22855 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap out-of-bounds read occurs in the smartcard SetAttrib path wh
CVE-2026-22856 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a heap use‑
CVE-2026-22857 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irp_thread_func because the IRP is
CVE-2026-22858 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding pa
CVE-2026-22859 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, the URBDRC client does not perform bounds checking on server‑suppli
CVE-2026-23530 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, `freerdp_bitmap_decompress_planar` does not validate `nSrcWi
CVE-2026-23531 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, in ClearCodec, when `glyphData` is present, `clear_decompre
CVE-2026-23532 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the FreeRDP c
CVE-2026-23533 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the RDPGFX Cle
CVE-2026-23534 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the ClearCodec
CVE-2026-23732 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, FastGlyph parsing trusts `cbData`/remaining length and neve
CVE-2026-23883 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, `xf_Pointer_New` frees `cursorPixels` on failure, then `poi
CVE-2026-23884 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves `gdi->drawing` pointing to
CVE-2026-25941 FreeRDP is a free implementation of the Remote Desktop Protocol. Versions on the 2.x branch prior to 2.11.8 and on the 3.x branch prior to 3.23.0
CVE-2026-25942 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_rail_server_execute_result` indexes the global `error_c
CVE-2026-25952 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_SetWindowMinMaxInfo` dereferences a freed `xfAppWindow`
CVE-2026-25953 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_AppUpdateWindowFromSurface` reads from a freed `xfAppWi
CVE-2026-25954 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_rail_server_local_move_size` dereferences a freed `xfAp
CVE-2026-25955 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_AppUpdateWindowFromSurface` reuses a cached `XImage` wh
CVE-2026-25959 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_cliprdr_provide_data_` passes freed `pDstData` to `XCha
CVE-2026-25997 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_clipboard_format_equal` reads freed `lastSentFormats` m
CVE-2026-26271 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a buffer overread in `freerdp_image_copy_from_icon_data()`
CVE-2026-26955 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP server can trigger a heap buffer overflow i
CVE-2026-26965 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, in the RLE planar decode path, `planar_decompress_plane_rle
CVE-2026-26986 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `rail_window_free` dereferences a freed `xfAppWindow` point
CVE-2026-27015 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a missing bounds check in `smartcard_unpack_read_size_align
CVE-2026-27951 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the function `Stream_EnsureCapacity` can create an endless

Version: 3.5.1+dfsg1-0ubuntu1.2 2026-02-16 10:07:51 UTC

  freerdp3 (3.5.1+dfsg1-0ubuntu1.2) noble-security; urgency=medium

  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2026-23948.patch: fix missing NULL check
    - CVE-2026-23948
  * SECURITY UPDATE: heap overflow
    - debian/patches/CVE-2026-24491-1.patch: reset channel_callback
      before close
    - debian/patches/CVE-2026-24491-2.patch: check pointer before
      reset
    - debian/patches/CVE-2026-24675.patch: do not free MsConfig on
      failure
    - debian/patches/CVE-2026-24679.patch: ensure InterfaceNumber is
      within range
    - debian/patches/CVE-2026-24682.patch: fix audin_server_recv_formats
      cleanup
    - CVE-2026-24491
    - CVE-2026-24675
    - CVE-2026-24679
    - CVE-2026-24682
  * SECURITY UPDATE: heap use after free
    - debian/patches/CVE-2026-24676.patch: reset audin->format
    - debian/patches/CVE-2026-24680.patch: reset pointer after memory
      release
    - debian/patches/CVE-2026-24681.patch: cancel all usb transfers on
      channel close
    - debian/patches/CVE-2026-24683.patch: lock context when updating
      listener
    - debian/patches/CVE-2026-24684-1.patch: terminate thread before
      free
    - debian/patches/CVE-2026-24684-2.patch: only clean up thread
      before free
    - CVE-2026-24676
    - CVE-2026-24680
    - CVE-2026-24681
    - CVE-2026-24683
    - CVE-2026-24684

 -- Nishit Majithia <email address hidden> Thu, 12 Feb 2026 19:23:45 +0530

CVE-2026-23948 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdp_write_logon_info_v2
CVE-2026-24491 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, video_timer can send client notifications after the control channel
CVE-2026-24675 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, urb_select_interface can free the device's MS config on error but l
CVE-2026-24679 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the URBDRC client uses server-supplied interface numbers as array i
CVE-2026-24682 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audin_server_recv_formats frees an incorrect number of audio format
CVE-2026-24676 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, AUDIN format renegotiation frees the active format list while the c
CVE-2026-24680 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, sdl_Pointer_New frees data on failure, then pointer_free calls sdl_
CVE-2026-24681 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, asynchronous bulk transfer completions can use a freed channel cal
CVE-2026-24683 FreeRDP is a free implementation of the Remote Desktop Protocol. ainput_send_input_event caches channel_callback in a local variable and later uses i
CVE-2026-24684 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the

Version: 3.5.1+dfsg1-0ubuntu1.1 2025-07-08 17:44:01 UTC

  freerdp3 (3.5.1+dfsg1-0ubuntu1.1) noble-security; urgency=medium

  * SECURITY UPDATE: DoS via crafted RDP packet
    - debian/patches/CVE-2025-4478.patch: initialize function pointers
      after resource allocation in libfreerdp/core/transport.c.
    - CVE-2025-4478

 -- Marc Deslauriers <email address hidden> Mon, 07 Jul 2025 14:44:55 -0400

CVE-2025-4478 A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue

Version: 3.5.1+dfsg1-0ubuntu1 2024-04-29 19:06:55 UTC

  freerdp3 (3.5.1+dfsg1-0ubuntu1) noble-security; urgency=medium

  * SECURITY UPDATE: updated to 3.5.1 to fix multiple security issues
    - CVE-2024-32658 [Low] ExtractRunLengthRegular* out of bound read
    - CVE-2024-32659 [Low] freerdp_image_copy out of bound read
    - CVE-2024-32660 [Low] zgfx_decompress out of memory
    - CVE-2024-32661 [Low] rdp_write_logon_info_v1 NULL access
    - CVE-2024-32662 [Low] rdp_redirection_read_base64_wchar out of bound read

 -- Marc Deslauriers <email address hidden> Mon, 29 Apr 2024 10:25:11 -0400

CVE-2024-32658 FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. V
CVE-2024-32659 FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if
CVE-2024-32660 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending i
CVE-2024-32661 FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` acc
CVE-2024-32662 FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. T


