oss-sec mailing list archives
FreeRDP fixes 12 CVEs in 3.22.0 release
From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Mon, 9 Feb 2026 15:31:46 -0800

https://www.freerdp.com/2026/01/28/3_22_0-release announced:

> FreeRDP 3.22.0 has just been released and uploaded to
>
> https://pub.freerdp.com/releases/
>
> Major bugfix release:
>
> * Complete overhaul of SDL client
> * Introduction of new WINPR_ATTR_NODISCARD macro wrapping compiler or
>   C language version specific [[nodiscard]] attributes
> * Addition of WINPR_ATTR_NODISCARD to (some) public API functions so
>   usage errors are producing warnings now
> * Add some more stringify functions for logging
> * We’ve received CVE reports, check
>   https://github.com/FreeRDP/FreeRDP/security/advisories for more details!
>   - @Keryer reported an issue affecting client and proxy:
>     CVE-2026-23948
>   - @ehdgks0627 did some more fuzzing and found quite a number of client
>     side bugs.
>     CVE-2026-24682
>     CVE-2026-24683
>     CVE-2026-24676
>     CVE-2026-24677
>     CVE-2026-24678
>     CVE-2026-24684
>     CVE-2026-24679
>     CVE-2026-24681
>     CVE-2026-24675
>     CVE-2026-24491
>     CVE-2026-24680

More details on each of these are available at:

- CVE-2026-23948 NULL Pointer Dereference in `rdp_write_logon_info_v2()`
  https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6f3c-qvqq-2px5

- CVE-2026-24682 Heap-buffer-overflow in audio_formats_free
  https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vcw2-pqgw-mx6g

- CVE-2026-24683 Heap-use-after-free in ainput_send_input_event
  https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-45pf-68pj-fg8q

- CVE-2026-24676 Heap-use-after-free in audio_format_compatible
  https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qh5p-frq4-pgxj

- CVE-2026-24677 Heap-buffer-overflow in ecam_encoder_compress_h264
  https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xw37-j744-f8v7

- CVE-2026-24678 Heap-use-after-free in cam_v4l_stream_capture_thread
  https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6gvg-29wx-6v7h

- CVE-2026-24684 Heap-use-after-free in play_thread
  https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vcgv-xgjp-h83q

- CVE-2026-24679 Heap-buffer-overflow in urb_select_interface
  https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2jp4-67x6-gv7x

- CVE-2026-24681 Heap-use-after-free in urb_bulk_transfer_cb
  https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-ccvv-hg2w-6x9j

- CVE-2026-24675 Heap-use-after-free in urb_select_interface
  https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x9jr-99h2-g7mj

- CVE-2026-24491 Heap-use-after-free in video_timer
  https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4x6j-w49r-869g

- CVE-2026-24680 Heap-use-after-free in update_pointer_new(SDL)
  https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-j893-9wg8-33rc
