Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-27950 (GCVE-0-2026-27950)
Vulnerability from cvelistv5 – Published: 2026-02-25 21:05 – Updated: 2026-02-26 20:38
VLAI?
EPSS
Title
FreeRDP heap-use-after-free in update_pointer_new(SDL): Fix Applied in the Wrong File
Summary
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the fix for the heap-use-after-free described in CVE-2026-24680 is incomplete. While the vulnerable execution flow referenced in the advisory exists in the SDL2 implementation, the fix appears to have been applied only to the SDL3 code path. In the SDL2 implementation, the pointer is not nulled after free. This creates a situation where the advisory suggests the vulnerability is fully resolved, while builds or environments still using SDL2 may retain the vulnerable logic. A complete fix is available in version 3.23.0.
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T20:37:16.691890Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T20:38:07.068Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FreeRDP",
"vendor": "FreeRDP",
"versions": [
{
"status": "affected",
"version": "\u003c 3.23.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the fix for the heap-use-after-free described in CVE-2026-24680 is incomplete. While the vulnerable execution flow referenced in the advisory exists in the SDL2 implementation, the fix appears to have been applied only to the SDL3 code path. In the SDL2 implementation, the pointer is not nulled after free. This creates a situation where the advisory suggests the vulnerability is fully resolved, while builds or environments still using SDL2 may retain the vulnerable logic. A complete fix is available in version 3.23.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T21:05:23.581Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rvfg-86cr-5r6p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rvfg-86cr-5r6p"
},
{
"name": "https://github.com/FreeRDP/FreeRDP/commit/5f62aa11c1bdf00f94c40ea9ebb260a752740b80",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FreeRDP/FreeRDP/commit/5f62aa11c1bdf00f94c40ea9ebb260a752740b80"
},
{
"name": "https://github.com/FreeRDP/FreeRDP/commit/c42ecbd183b001e76bfc3614cddfad0034acc758",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FreeRDP/FreeRDP/commit/c42ecbd183b001e76bfc3614cddfad0034acc758"
},
{
"name": "https://github.com/FreeRDP/FreeRDP/blob/master/client/SDL/SDL2/sdl_pointer.cpp#L63-L64",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FreeRDP/FreeRDP/blob/master/client/SDL/SDL2/sdl_pointer.cpp#L63-L64"
}
],
"source": {
"advisory": "GHSA-rvfg-86cr-5r6p",
"discovery": "UNKNOWN"
},
"title": "FreeRDP heap-use-after-free in update_pointer_new(SDL): Fix Applied in the Wrong File"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27950",
"datePublished": "2026-02-25T21:05:23.581Z",
"dateReserved": "2026-02-25T03:11:36.690Z",
"dateUpdated": "2026-02-26T20:38:07.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-27950",
"date": "2026-05-04",
"epss": "0.00115",
"percentile": "0.29673"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-27950\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-02-25T22:16:27.297\",\"lastModified\":\"2026-02-27T19:10:21.367\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the fix for the heap-use-after-free described in CVE-2026-24680 is incomplete. While the vulnerable execution flow referenced in the advisory exists in the SDL2 implementation, the fix appears to have been applied only to the SDL3 code path. In the SDL2 implementation, the pointer is not nulled after free. This creates a situation where the advisory suggests the vulnerability is fully resolved, while builds or environments still using SDL2 may retain the vulnerable logic. A complete fix is available in version 3.23.0.\"},{\"lang\":\"es\",\"value\":\"FreeRDP es una implementaci\u00f3n gratuita del Protocolo de Escritorio Remoto. Antes de la versi\u00f3n 3.23.0, la correcci\u00f3n para el uso despu\u00e9s de liberaci\u00f3n del mont\u00f3n descrita en CVE-2026-24680 est\u00e1 incompleta. Aunque el flujo de ejecuci\u00f3n vulnerable referenciado en el aviso existe en la implementaci\u00f3n de SDL2, la correcci\u00f3n parece haberse aplicado solo a la ruta de c\u00f3digo de SDL3. En la implementaci\u00f3n de SDL2, el puntero no se anula despu\u00e9s de la liberaci\u00f3n. Esto crea una situaci\u00f3n donde el aviso sugiere que la vulnerabilidad est\u00e1 completamente resuelta, mientras que las compilaciones o entornos que a\u00fan usan SDL2 pueden retener la l\u00f3gica vulnerable. Una correcci\u00f3n completa est\u00e1 disponible en la versi\u00f3n 3.23.0.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.23.0\",\"matchCriteriaId\":\"31715854-6D23-4207-AB69-27707C7B2D42\"}]}]}],\"references\":[{\"url\":\"https://github.com/FreeRDP/FreeRDP/blob/master/client/SDL/SDL2/sdl_pointer.cpp#L63-L64\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/FreeRDP/FreeRDP/commit/5f62aa11c1bdf00f94c40ea9ebb260a752740b80\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/FreeRDP/FreeRDP/commit/c42ecbd183b001e76bfc3614cddfad0034acc758\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rvfg-86cr-5r6p\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"title\": \"FreeRDP heap-use-after-free in update_pointer_new(SDL): Fix Applied in the Wrong File\", \"source\": {\"advisory\": \"GHSA-rvfg-86cr-5r6p\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 5.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"FreeRDP\", \"product\": \"FreeRDP\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 3.23.0\"}]}], \"references\": [{\"url\": \"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rvfg-86cr-5r6p\", \"name\": \"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rvfg-86cr-5r6p\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/FreeRDP/FreeRDP/commit/5f62aa11c1bdf00f94c40ea9ebb260a752740b80\", \"name\": \"https://github.com/FreeRDP/FreeRDP/commit/5f62aa11c1bdf00f94c40ea9ebb260a752740b80\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/FreeRDP/FreeRDP/commit/c42ecbd183b001e76bfc3614cddfad0034acc758\", \"name\": \"https://github.com/FreeRDP/FreeRDP/commit/c42ecbd183b001e76bfc3614cddfad0034acc758\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/FreeRDP/FreeRDP/blob/master/client/SDL/SDL2/sdl_pointer.cpp#L63-L64\", \"name\": \"https://github.com/FreeRDP/FreeRDP/blob/master/client/SDL/SDL2/sdl_pointer.cpp#L63-L64\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the fix for the heap-use-after-free described in CVE-2026-24680 is incomplete. While the vulnerable execution flow referenced in the advisory exists in the SDL2 implementation, the fix appears to have been applied only to the SDL3 code path. In the SDL2 implementation, the pointer is not nulled after free. This creates a situation where the advisory suggests the vulnerability is fully resolved, while builds or environments still using SDL2 may retain the vulnerable logic. A complete fix is available in version 3.23.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416: Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-02-25T21:05:23.581Z\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-27950\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-26T20:37:16.691890Z\"}}}], \"providerMetadata\": {\"shortName\": \"CISA-ADP\", \"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"dateUpdated\": \"2026-02-26T20:38:01.796Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2026-27950\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-25T21:05:23.581Z\", \"dateReserved\": \"2026-02-25T03:11:36.690Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-02-25T21:05:23.581Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
SUSE-SU-2026:1633-1
Vulnerability from csaf_suse - Published: 2026-04-27 12:05 - Updated: 2026-04-27 12:05Summary
Security update for freerdp
Severity
Important
Notes
Title of the patch: Security update for freerdp
Description of the patch: This update for freerdp fixes the following issues:
- CVE-2026-25941: Out-of-Bounds Read in client RDPGFX channel via crafted `WIRE_TO_SURFACE_2` PDU (bsc#1258919).
- CVE-2026-25942: Global-buffer-overflow in `xf_rail_server_execute_result` (bsc#1258920).
- CVE-2026-25952: Heap-use-after-free in `xf_SetWindowMinMaxInfo` (bsc#1258921).
- CVE-2026-25953: Heap-use-after-free in `xf_AppUpdateWindowFromSurface` (bsc#1258923).
- CVE-2026-25954: Heap-use-after-free in `xf_rail_server_local_move_size` (bsc#1258924).
- CVE-2026-25955: Heap-use-after-free in `xf_AppUpdateWindowFromSurface` (bsc#1258973).
- CVE-2026-25959: Heap-use-after-free in `xf_cliprdr_provide_data_` (bsc#1258976).
- CVE-2026-25997: Heap-use-after-free in `xf_clipboard_format_equal` (bsc#1258977).
- CVE-2026-26986: Heap-use-after-free in `rail_window_free` (bsc#1258967).
- CVE-2026-27015: Smartcard NDR alignment padding triggers reachable `WINPR_ASSERT` abort (bsc#1258987).
- CVE-2026-27950: Denial of service due to incomplete fix for heap-use-after-free vulnerability (bsc#1258941).
- CVE-2026-27951: Denial of service via endless blocking loop in `Stream_EnsureCapacity` (bsc#1258939).
- CVE-2026-29774: Missing bounds validation can cause a client-side heap buffer overflow (bsc#1259689).
- CVE-2026-29775: Malicious server can trigger a client-side heap out-of-bounds access (bsc#1259684).
- CVE-2026-29776: Missing length check can lead to an integer underflow (bsc#1259692).
- CVE-2026-31897: Missing length check can cause an out-of-bounds read (bsc#1259693).
Patchnames: SUSE-2026-1633,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1633,SUSE-SLE-Product-WE-15-SP7-2026-1633
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for freerdp",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for freerdp fixes the following issues:\n\n- CVE-2026-25941: Out-of-Bounds Read in client RDPGFX channel via crafted `WIRE_TO_SURFACE_2` PDU (bsc#1258919).\n- CVE-2026-25942: Global-buffer-overflow in `xf_rail_server_execute_result` (bsc#1258920).\n- CVE-2026-25952: Heap-use-after-free in `xf_SetWindowMinMaxInfo` (bsc#1258921).\n- CVE-2026-25953: Heap-use-after-free in `xf_AppUpdateWindowFromSurface` (bsc#1258923).\n- CVE-2026-25954: Heap-use-after-free in `xf_rail_server_local_move_size` (bsc#1258924).\n- CVE-2026-25955: Heap-use-after-free in `xf_AppUpdateWindowFromSurface` (bsc#1258973).\n- CVE-2026-25959: Heap-use-after-free in `xf_cliprdr_provide_data_` (bsc#1258976).\n- CVE-2026-25997: Heap-use-after-free in `xf_clipboard_format_equal` (bsc#1258977).\n- CVE-2026-26986: Heap-use-after-free in `rail_window_free` (bsc#1258967).\n- CVE-2026-27015: Smartcard NDR alignment padding triggers reachable `WINPR_ASSERT` abort (bsc#1258987).\n- CVE-2026-27950: Denial of service due to incomplete fix for heap-use-after-free vulnerability (bsc#1258941).\n- CVE-2026-27951: Denial of service via endless blocking loop in `Stream_EnsureCapacity` (bsc#1258939).\n- CVE-2026-29774: Missing bounds validation can cause a client-side heap buffer overflow (bsc#1259689).\n- CVE-2026-29775: Malicious server can trigger a client-side heap out-of-bounds access (bsc#1259684).\n- CVE-2026-29776: Missing length check can lead to an integer underflow (bsc#1259692).\n- CVE-2026-31897: Missing length check can cause an out-of-bounds read (bsc#1259693).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1633,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1633,SUSE-SLE-Product-WE-15-SP7-2026-1633",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1633-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1633-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261633-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1633-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/046047.html"
},
{
"category": "self",
"summary": "SUSE Bug 1258919",
"url": "https://bugzilla.suse.com/1258919"
},
{
"category": "self",
"summary": "SUSE Bug 1258920",
"url": "https://bugzilla.suse.com/1258920"
},
{
"category": "self",
"summary": "SUSE Bug 1258921",
"url": "https://bugzilla.suse.com/1258921"
},
{
"category": "self",
"summary": "SUSE Bug 1258923",
"url": "https://bugzilla.suse.com/1258923"
},
{
"category": "self",
"summary": "SUSE Bug 1258924",
"url": "https://bugzilla.suse.com/1258924"
},
{
"category": "self",
"summary": "SUSE Bug 1258939",
"url": "https://bugzilla.suse.com/1258939"
},
{
"category": "self",
"summary": "SUSE Bug 1258941",
"url": "https://bugzilla.suse.com/1258941"
},
{
"category": "self",
"summary": "SUSE Bug 1258967",
"url": "https://bugzilla.suse.com/1258967"
},
{
"category": "self",
"summary": "SUSE Bug 1258973",
"url": "https://bugzilla.suse.com/1258973"
},
{
"category": "self",
"summary": "SUSE Bug 1258976",
"url": "https://bugzilla.suse.com/1258976"
},
{
"category": "self",
"summary": "SUSE Bug 1258977",
"url": "https://bugzilla.suse.com/1258977"
},
{
"category": "self",
"summary": "SUSE Bug 1258987",
"url": "https://bugzilla.suse.com/1258987"
},
{
"category": "self",
"summary": "SUSE Bug 1259680",
"url": "https://bugzilla.suse.com/1259680"
},
{
"category": "self",
"summary": "SUSE Bug 1259684",
"url": "https://bugzilla.suse.com/1259684"
},
{
"category": "self",
"summary": "SUSE Bug 1259689",
"url": "https://bugzilla.suse.com/1259689"
},
{
"category": "self",
"summary": "SUSE Bug 1259692",
"url": "https://bugzilla.suse.com/1259692"
},
{
"category": "self",
"summary": "SUSE Bug 1259693",
"url": "https://bugzilla.suse.com/1259693"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25941 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25941/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25942 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25942/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25952 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25952/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25953 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25953/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25954 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25954/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25955 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25955/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25959 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25959/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25997 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25997/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-26986 page",
"url": "https://www.suse.com/security/cve/CVE-2026-26986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27015 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27015/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27950 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27951 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27951/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-29774 page",
"url": "https://www.suse.com/security/cve/CVE-2026-29774/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-29775 page",
"url": "https://www.suse.com/security/cve/CVE-2026-29775/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-29776 page",
"url": "https://www.suse.com/security/cve/CVE-2026-29776/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31884 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31897 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31897/"
}
],
"title": "Security update for freerdp",
"tracking": {
"current_release_date": "2026-04-27T12:05:30Z",
"generator": {
"date": "2026-04-27T12:05:30Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1633-1",
"initial_release_date": "2026-04-27T12:05:30Z",
"revision_history": [
{
"date": "2026-04-27T12:05:30Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "freerdp-3.10.3-150700.3.14.1.aarch64",
"product": {
"name": "freerdp-3.10.3-150700.3.14.1.aarch64",
"product_id": "freerdp-3.10.3-150700.3.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"product": {
"name": "freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"product_id": "freerdp-devel-3.10.3-150700.3.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"product": {
"name": "freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"product_id": "freerdp-proxy-3.10.3-150700.3.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "freerdp-proxy-plugins-3.10.3-150700.3.14.1.aarch64",
"product": {
"name": "freerdp-proxy-plugins-3.10.3-150700.3.14.1.aarch64",
"product_id": "freerdp-proxy-plugins-3.10.3-150700.3.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "freerdp-sdl-3.10.3-150700.3.14.1.aarch64",
"product": {
"name": "freerdp-sdl-3.10.3-150700.3.14.1.aarch64",
"product_id": "freerdp-sdl-3.10.3-150700.3.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "freerdp-server-3.10.3-150700.3.14.1.aarch64",
"product": {
"name": "freerdp-server-3.10.3-150700.3.14.1.aarch64",
"product_id": "freerdp-server-3.10.3-150700.3.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"product": {
"name": "freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"product_id": "freerdp-wayland-3.10.3-150700.3.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.aarch64",
"product": {
"name": "libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.aarch64",
"product_id": "libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "libfreerdp3-3-3.10.3-150700.3.14.1.aarch64",
"product": {
"name": "libfreerdp3-3-3.10.3-150700.3.14.1.aarch64",
"product_id": "libfreerdp3-3-3.10.3-150700.3.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "librdtk0-0-3.10.3-150700.3.14.1.aarch64",
"product": {
"name": "librdtk0-0-3.10.3-150700.3.14.1.aarch64",
"product_id": "librdtk0-0-3.10.3-150700.3.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"product": {
"name": "libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"product_id": "libuwac0-0-3.10.3-150700.3.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "libwinpr3-3-3.10.3-150700.3.14.1.aarch64",
"product": {
"name": "libwinpr3-3-3.10.3-150700.3.14.1.aarch64",
"product_id": "libwinpr3-3-3.10.3-150700.3.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "rdtk0-devel-3.10.3-150700.3.14.1.aarch64",
"product": {
"name": "rdtk0-devel-3.10.3-150700.3.14.1.aarch64",
"product_id": "rdtk0-devel-3.10.3-150700.3.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "uwac0-devel-3.10.3-150700.3.14.1.aarch64",
"product": {
"name": "uwac0-devel-3.10.3-150700.3.14.1.aarch64",
"product_id": "uwac0-devel-3.10.3-150700.3.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "winpr-devel-3.10.3-150700.3.14.1.aarch64",
"product": {
"name": "winpr-devel-3.10.3-150700.3.14.1.aarch64",
"product_id": "winpr-devel-3.10.3-150700.3.14.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "freerdp-3.10.3-150700.3.14.1.i586",
"product": {
"name": "freerdp-3.10.3-150700.3.14.1.i586",
"product_id": "freerdp-3.10.3-150700.3.14.1.i586"
}
},
{
"category": "product_version",
"name": "freerdp-devel-3.10.3-150700.3.14.1.i586",
"product": {
"name": "freerdp-devel-3.10.3-150700.3.14.1.i586",
"product_id": "freerdp-devel-3.10.3-150700.3.14.1.i586"
}
},
{
"category": "product_version",
"name": "freerdp-proxy-3.10.3-150700.3.14.1.i586",
"product": {
"name": "freerdp-proxy-3.10.3-150700.3.14.1.i586",
"product_id": "freerdp-proxy-3.10.3-150700.3.14.1.i586"
}
},
{
"category": "product_version",
"name": "freerdp-proxy-plugins-3.10.3-150700.3.14.1.i586",
"product": {
"name": "freerdp-proxy-plugins-3.10.3-150700.3.14.1.i586",
"product_id": "freerdp-proxy-plugins-3.10.3-150700.3.14.1.i586"
}
},
{
"category": "product_version",
"name": "freerdp-sdl-3.10.3-150700.3.14.1.i586",
"product": {
"name": "freerdp-sdl-3.10.3-150700.3.14.1.i586",
"product_id": "freerdp-sdl-3.10.3-150700.3.14.1.i586"
}
},
{
"category": "product_version",
"name": "freerdp-server-3.10.3-150700.3.14.1.i586",
"product": {
"name": "freerdp-server-3.10.3-150700.3.14.1.i586",
"product_id": "freerdp-server-3.10.3-150700.3.14.1.i586"
}
},
{
"category": "product_version",
"name": "freerdp-wayland-3.10.3-150700.3.14.1.i586",
"product": {
"name": "freerdp-wayland-3.10.3-150700.3.14.1.i586",
"product_id": "freerdp-wayland-3.10.3-150700.3.14.1.i586"
}
},
{
"category": "product_version",
"name": "libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.i586",
"product": {
"name": "libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.i586",
"product_id": "libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.i586"
}
},
{
"category": "product_version",
"name": "libfreerdp3-3-3.10.3-150700.3.14.1.i586",
"product": {
"name": "libfreerdp3-3-3.10.3-150700.3.14.1.i586",
"product_id": "libfreerdp3-3-3.10.3-150700.3.14.1.i586"
}
},
{
"category": "product_version",
"name": "librdtk0-0-3.10.3-150700.3.14.1.i586",
"product": {
"name": "librdtk0-0-3.10.3-150700.3.14.1.i586",
"product_id": "librdtk0-0-3.10.3-150700.3.14.1.i586"
}
},
{
"category": "product_version",
"name": "libuwac0-0-3.10.3-150700.3.14.1.i586",
"product": {
"name": "libuwac0-0-3.10.3-150700.3.14.1.i586",
"product_id": "libuwac0-0-3.10.3-150700.3.14.1.i586"
}
},
{
"category": "product_version",
"name": "libwinpr3-3-3.10.3-150700.3.14.1.i586",
"product": {
"name": "libwinpr3-3-3.10.3-150700.3.14.1.i586",
"product_id": "libwinpr3-3-3.10.3-150700.3.14.1.i586"
}
},
{
"category": "product_version",
"name": "rdtk0-devel-3.10.3-150700.3.14.1.i586",
"product": {
"name": "rdtk0-devel-3.10.3-150700.3.14.1.i586",
"product_id": "rdtk0-devel-3.10.3-150700.3.14.1.i586"
}
},
{
"category": "product_version",
"name": "uwac0-devel-3.10.3-150700.3.14.1.i586",
"product": {
"name": "uwac0-devel-3.10.3-150700.3.14.1.i586",
"product_id": "uwac0-devel-3.10.3-150700.3.14.1.i586"
}
},
{
"category": "product_version",
"name": "winpr-devel-3.10.3-150700.3.14.1.i586",
"product": {
"name": "winpr-devel-3.10.3-150700.3.14.1.i586",
"product_id": "winpr-devel-3.10.3-150700.3.14.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "freerdp-3.10.3-150700.3.14.1.ppc64le",
"product": {
"name": "freerdp-3.10.3-150700.3.14.1.ppc64le",
"product_id": "freerdp-3.10.3-150700.3.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"product": {
"name": "freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"product_id": "freerdp-devel-3.10.3-150700.3.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"product": {
"name": "freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"product_id": "freerdp-proxy-3.10.3-150700.3.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "freerdp-proxy-plugins-3.10.3-150700.3.14.1.ppc64le",
"product": {
"name": "freerdp-proxy-plugins-3.10.3-150700.3.14.1.ppc64le",
"product_id": "freerdp-proxy-plugins-3.10.3-150700.3.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "freerdp-sdl-3.10.3-150700.3.14.1.ppc64le",
"product": {
"name": "freerdp-sdl-3.10.3-150700.3.14.1.ppc64le",
"product_id": "freerdp-sdl-3.10.3-150700.3.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"product": {
"name": "freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"product_id": "freerdp-server-3.10.3-150700.3.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"product": {
"name": "freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"product_id": "freerdp-wayland-3.10.3-150700.3.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.ppc64le",
"product": {
"name": "libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.ppc64le",
"product_id": "libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libfreerdp3-3-3.10.3-150700.3.14.1.ppc64le",
"product": {
"name": "libfreerdp3-3-3.10.3-150700.3.14.1.ppc64le",
"product_id": "libfreerdp3-3-3.10.3-150700.3.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "librdtk0-0-3.10.3-150700.3.14.1.ppc64le",
"product": {
"name": "librdtk0-0-3.10.3-150700.3.14.1.ppc64le",
"product_id": "librdtk0-0-3.10.3-150700.3.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"product": {
"name": "libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"product_id": "libuwac0-0-3.10.3-150700.3.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libwinpr3-3-3.10.3-150700.3.14.1.ppc64le",
"product": {
"name": "libwinpr3-3-3.10.3-150700.3.14.1.ppc64le",
"product_id": "libwinpr3-3-3.10.3-150700.3.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rdtk0-devel-3.10.3-150700.3.14.1.ppc64le",
"product": {
"name": "rdtk0-devel-3.10.3-150700.3.14.1.ppc64le",
"product_id": "rdtk0-devel-3.10.3-150700.3.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "uwac0-devel-3.10.3-150700.3.14.1.ppc64le",
"product": {
"name": "uwac0-devel-3.10.3-150700.3.14.1.ppc64le",
"product_id": "uwac0-devel-3.10.3-150700.3.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "winpr-devel-3.10.3-150700.3.14.1.ppc64le",
"product": {
"name": "winpr-devel-3.10.3-150700.3.14.1.ppc64le",
"product_id": "winpr-devel-3.10.3-150700.3.14.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "freerdp-3.10.3-150700.3.14.1.s390x",
"product": {
"name": "freerdp-3.10.3-150700.3.14.1.s390x",
"product_id": "freerdp-3.10.3-150700.3.14.1.s390x"
}
},
{
"category": "product_version",
"name": "freerdp-devel-3.10.3-150700.3.14.1.s390x",
"product": {
"name": "freerdp-devel-3.10.3-150700.3.14.1.s390x",
"product_id": "freerdp-devel-3.10.3-150700.3.14.1.s390x"
}
},
{
"category": "product_version",
"name": "freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"product": {
"name": "freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"product_id": "freerdp-proxy-3.10.3-150700.3.14.1.s390x"
}
},
{
"category": "product_version",
"name": "freerdp-proxy-plugins-3.10.3-150700.3.14.1.s390x",
"product": {
"name": "freerdp-proxy-plugins-3.10.3-150700.3.14.1.s390x",
"product_id": "freerdp-proxy-plugins-3.10.3-150700.3.14.1.s390x"
}
},
{
"category": "product_version",
"name": "freerdp-sdl-3.10.3-150700.3.14.1.s390x",
"product": {
"name": "freerdp-sdl-3.10.3-150700.3.14.1.s390x",
"product_id": "freerdp-sdl-3.10.3-150700.3.14.1.s390x"
}
},
{
"category": "product_version",
"name": "freerdp-server-3.10.3-150700.3.14.1.s390x",
"product": {
"name": "freerdp-server-3.10.3-150700.3.14.1.s390x",
"product_id": "freerdp-server-3.10.3-150700.3.14.1.s390x"
}
},
{
"category": "product_version",
"name": "freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"product": {
"name": "freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"product_id": "freerdp-wayland-3.10.3-150700.3.14.1.s390x"
}
},
{
"category": "product_version",
"name": "libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.s390x",
"product": {
"name": "libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.s390x",
"product_id": "libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.s390x"
}
},
{
"category": "product_version",
"name": "libfreerdp3-3-3.10.3-150700.3.14.1.s390x",
"product": {
"name": "libfreerdp3-3-3.10.3-150700.3.14.1.s390x",
"product_id": "libfreerdp3-3-3.10.3-150700.3.14.1.s390x"
}
},
{
"category": "product_version",
"name": "librdtk0-0-3.10.3-150700.3.14.1.s390x",
"product": {
"name": "librdtk0-0-3.10.3-150700.3.14.1.s390x",
"product_id": "librdtk0-0-3.10.3-150700.3.14.1.s390x"
}
},
{
"category": "product_version",
"name": "libuwac0-0-3.10.3-150700.3.14.1.s390x",
"product": {
"name": "libuwac0-0-3.10.3-150700.3.14.1.s390x",
"product_id": "libuwac0-0-3.10.3-150700.3.14.1.s390x"
}
},
{
"category": "product_version",
"name": "libwinpr3-3-3.10.3-150700.3.14.1.s390x",
"product": {
"name": "libwinpr3-3-3.10.3-150700.3.14.1.s390x",
"product_id": "libwinpr3-3-3.10.3-150700.3.14.1.s390x"
}
},
{
"category": "product_version",
"name": "rdtk0-devel-3.10.3-150700.3.14.1.s390x",
"product": {
"name": "rdtk0-devel-3.10.3-150700.3.14.1.s390x",
"product_id": "rdtk0-devel-3.10.3-150700.3.14.1.s390x"
}
},
{
"category": "product_version",
"name": "uwac0-devel-3.10.3-150700.3.14.1.s390x",
"product": {
"name": "uwac0-devel-3.10.3-150700.3.14.1.s390x",
"product_id": "uwac0-devel-3.10.3-150700.3.14.1.s390x"
}
},
{
"category": "product_version",
"name": "winpr-devel-3.10.3-150700.3.14.1.s390x",
"product": {
"name": "winpr-devel-3.10.3-150700.3.14.1.s390x",
"product_id": "winpr-devel-3.10.3-150700.3.14.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "freerdp-3.10.3-150700.3.14.1.x86_64",
"product": {
"name": "freerdp-3.10.3-150700.3.14.1.x86_64",
"product_id": "freerdp-3.10.3-150700.3.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"product": {
"name": "freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"product_id": "freerdp-devel-3.10.3-150700.3.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"product": {
"name": "freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"product_id": "freerdp-proxy-3.10.3-150700.3.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"product": {
"name": "freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"product_id": "freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"product": {
"name": "freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"product_id": "freerdp-sdl-3.10.3-150700.3.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "freerdp-server-3.10.3-150700.3.14.1.x86_64",
"product": {
"name": "freerdp-server-3.10.3-150700.3.14.1.x86_64",
"product_id": "freerdp-server-3.10.3-150700.3.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "freerdp-wayland-3.10.3-150700.3.14.1.x86_64",
"product": {
"name": "freerdp-wayland-3.10.3-150700.3.14.1.x86_64",
"product_id": "freerdp-wayland-3.10.3-150700.3.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"product": {
"name": "libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"product_id": "libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"product": {
"name": "libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"product_id": "libfreerdp3-3-3.10.3-150700.3.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"product": {
"name": "librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"product_id": "librdtk0-0-3.10.3-150700.3.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "libuwac0-0-3.10.3-150700.3.14.1.x86_64",
"product": {
"name": "libuwac0-0-3.10.3-150700.3.14.1.x86_64",
"product_id": "libuwac0-0-3.10.3-150700.3.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"product": {
"name": "libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"product_id": "libwinpr3-3-3.10.3-150700.3.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "rdtk0-devel-3.10.3-150700.3.14.1.x86_64",
"product": {
"name": "rdtk0-devel-3.10.3-150700.3.14.1.x86_64",
"product_id": "rdtk0-devel-3.10.3-150700.3.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "uwac0-devel-3.10.3-150700.3.14.1.x86_64",
"product": {
"name": "uwac0-devel-3.10.3-150700.3.14.1.x86_64",
"product_id": "uwac0-devel-3.10.3-150700.3.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "winpr-devel-3.10.3-150700.3.14.1.x86_64",
"product": {
"name": "winpr-devel-3.10.3-150700.3.14.1.x86_64",
"product_id": "winpr-devel-3.10.3-150700.3.14.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Workstation Extension 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Workstation Extension 15 SP7",
"product_id": "SUSE Linux Enterprise Workstation Extension 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-we:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-3.10.3-150700.3.14.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64"
},
"product_reference": "freerdp-3.10.3-150700.3.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-3.10.3-150700.3.14.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le"
},
"product_reference": "freerdp-3.10.3-150700.3.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-3.10.3-150700.3.14.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x"
},
"product_reference": "freerdp-3.10.3-150700.3.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-devel-3.10.3-150700.3.14.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64"
},
"product_reference": "freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-devel-3.10.3-150700.3.14.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le"
},
"product_reference": "freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-devel-3.10.3-150700.3.14.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x"
},
"product_reference": "freerdp-devel-3.10.3-150700.3.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-proxy-3.10.3-150700.3.14.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64"
},
"product_reference": "freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-proxy-3.10.3-150700.3.14.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le"
},
"product_reference": "freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-proxy-3.10.3-150700.3.14.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x"
},
"product_reference": "freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-server-3.10.3-150700.3.14.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64"
},
"product_reference": "freerdp-server-3.10.3-150700.3.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-server-3.10.3-150700.3.14.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le"
},
"product_reference": "freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-server-3.10.3-150700.3.14.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x"
},
"product_reference": "freerdp-server-3.10.3-150700.3.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-wayland-3.10.3-150700.3.14.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64"
},
"product_reference": "freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-wayland-3.10.3-150700.3.14.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le"
},
"product_reference": "freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-wayland-3.10.3-150700.3.14.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x"
},
"product_reference": "freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libuwac0-0-3.10.3-150700.3.14.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64"
},
"product_reference": "libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libuwac0-0-3.10.3-150700.3.14.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le"
},
"product_reference": "libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libuwac0-0-3.10.3-150700.3.14.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x"
},
"product_reference": "libuwac0-0-3.10.3-150700.3.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-3.10.3-150700.3.14.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 15 SP7",
"product_id": "SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64"
},
"product_reference": "freerdp-3.10.3-150700.3.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-devel-3.10.3-150700.3.14.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 15 SP7",
"product_id": "SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64"
},
"product_reference": "freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-proxy-3.10.3-150700.3.14.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 15 SP7",
"product_id": "SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64"
},
"product_reference": "freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 15 SP7",
"product_id": "SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64"
},
"product_reference": "freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-sdl-3.10.3-150700.3.14.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 15 SP7",
"product_id": "SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64"
},
"product_reference": "freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-server-3.10.3-150700.3.14.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 15 SP7",
"product_id": "SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64"
},
"product_reference": "freerdp-server-3.10.3-150700.3.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 15 SP7",
"product_id": "SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64"
},
"product_reference": "libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreerdp3-3-3.10.3-150700.3.14.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 15 SP7",
"product_id": "SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64"
},
"product_reference": "libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librdtk0-0-3.10.3-150700.3.14.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 15 SP7",
"product_id": "SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64"
},
"product_reference": "librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwinpr3-3-3.10.3-150700.3.14.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 15 SP7",
"product_id": "SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64"
},
"product_reference": "libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "winpr-devel-3.10.3-150700.3.14.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 15 SP7",
"product_id": "SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
},
"product_reference": "winpr-devel-3.10.3-150700.3.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25941",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25941"
}
],
"notes": [
{
"category": "general",
"text": "FreeRDP is a free implementation of the Remote Desktop Protocol. Versions on the 2.x branch prior to to 2.11.8 and on the 3.x branch prior to 3.23.0 have an out-of-bounds read vulnerability in the FreeRDP client\u0027s RDPGFX channel that allows a malicious RDP server to read uninitialized heap memory by sending a crafted WIRE_TO_SURFACE_2 PDU with a `bitmapDataLength` value larger than the actual data in the packet. This can lead to information disclosure or client crashes when a user connects to a malicious server. Versions 2.11.8 and 3.23.0 fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25941",
"url": "https://www.suse.com/security/cve/CVE-2026-25941"
},
{
"category": "external",
"summary": "SUSE Bug 1258919 for CVE-2026-25941",
"url": "https://bugzilla.suse.com/1258919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-27T12:05:30Z",
"details": "moderate"
}
],
"title": "CVE-2026-25941"
},
{
"cve": "CVE-2026-25942",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25942"
}
],
"notes": [
{
"category": "general",
"text": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_rail_server_execute_result` indexes the global `error_code_names[]` array (7 elements, indices 0-6) with an unchecked `execResult-\u003eexecResult` value received from the server, allowing an out-of-bounds read when the server sends an `execResult` value of 7 or greater. Version 3.23.0 fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25942",
"url": "https://www.suse.com/security/cve/CVE-2026-25942"
},
{
"category": "external",
"summary": "SUSE Bug 1258920 for CVE-2026-25942",
"url": "https://bugzilla.suse.com/1258920"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-27T12:05:30Z",
"details": "moderate"
}
],
"title": "CVE-2026-25942"
},
{
"cve": "CVE-2026-25952",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25952"
}
],
"notes": [
{
"category": "general",
"text": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_SetWindowMinMaxInfo` dereferences a freed `xfAppWindow` pointer because `xf_rail_get_window` in `xf_rail_server_min_max_info` returns an unprotected pointer from the `railWindows` hash table, and the main thread can concurrently delete the window (via a window delete order) while the RAIL channel thread is still using the pointer. Version 3.23.0 fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25952",
"url": "https://www.suse.com/security/cve/CVE-2026-25952"
},
{
"category": "external",
"summary": "SUSE Bug 1258921 for CVE-2026-25952",
"url": "https://bugzilla.suse.com/1258921"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-27T12:05:30Z",
"details": "moderate"
}
],
"title": "CVE-2026-25952"
},
{
"cve": "CVE-2026-25953",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25953"
}
],
"notes": [
{
"category": "general",
"text": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_AppUpdateWindowFromSurface` reads from a freed `xfAppWindow` because the RDPGFX DVC thread obtains a bare pointer via `xf_rail_get_window` without any lifetime protection, while the main thread can concurrently delete the window through a fastpath window-delete order. Version 3.23.0 fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25953",
"url": "https://www.suse.com/security/cve/CVE-2026-25953"
},
{
"category": "external",
"summary": "SUSE Bug 1258923 for CVE-2026-25953",
"url": "https://bugzilla.suse.com/1258923"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-27T12:05:30Z",
"details": "moderate"
}
],
"title": "CVE-2026-25953"
},
{
"cve": "CVE-2026-25954",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25954"
}
],
"notes": [
{
"category": "general",
"text": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_rail_server_local_move_size` dereferences a freed `xfAppWindow` pointer because `xf_rail_get_window` returns an unprotected pointer from the `railWindows` hash table, and the main thread can concurrently delete the window (via a window delete order) while the RAIL channel thread is still using the pointer. Version 3.23.0 fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25954",
"url": "https://www.suse.com/security/cve/CVE-2026-25954"
},
{
"category": "external",
"summary": "SUSE Bug 1258924 for CVE-2026-25954",
"url": "https://bugzilla.suse.com/1258924"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-27T12:05:30Z",
"details": "moderate"
}
],
"title": "CVE-2026-25954"
},
{
"cve": "CVE-2026-25955",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25955"
}
],
"notes": [
{
"category": "general",
"text": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_AppUpdateWindowFromSurface` reuses a cached `XImage` whose `data` pointer references a freed RDPGFX surface buffer, because `gdi_DeleteSurface` frees `surface-\u003edata` without invalidating the `appWindow-\u003eimage` that aliases it. Version 3.23.0 fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25955",
"url": "https://www.suse.com/security/cve/CVE-2026-25955"
},
{
"category": "external",
"summary": "SUSE Bug 1258973 for CVE-2026-25955",
"url": "https://bugzilla.suse.com/1258973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-27T12:05:30Z",
"details": "moderate"
}
],
"title": "CVE-2026-25955"
},
{
"cve": "CVE-2026-25959",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25959"
}
],
"notes": [
{
"category": "general",
"text": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_cliprdr_provide_data_` passes freed `pDstData` to `XChangeProperty` because the cliprdr channel thread calls `xf_cliprdr_server_format_data_response` which converts and uses the clipboard data without holding any lock, while the X11 event thread concurrently calls `xf_cliprdr_clear_cached_data` -\u003e `HashTable_Clear` which frees the same data via `xf_cached_data_free`, triggering a heap use after free. Version 3.23.0 fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25959",
"url": "https://www.suse.com/security/cve/CVE-2026-25959"
},
{
"category": "external",
"summary": "SUSE Bug 1258976 for CVE-2026-25959",
"url": "https://bugzilla.suse.com/1258976"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-27T12:05:30Z",
"details": "moderate"
}
],
"title": "CVE-2026-25959"
},
{
"cve": "CVE-2026-25997",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25997"
}
],
"notes": [
{
"category": "general",
"text": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_clipboard_format_equal` reads freed `lastSentFormats` memory because `xf_clipboard_formats_free` (called from the cliprdr channel thread during auto-reconnect) frees the array while the X11 event thread concurrently iterates it in `xf_clipboard_changed`, triggering a heap use after free. Version 3.23.0 fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25997",
"url": "https://www.suse.com/security/cve/CVE-2026-25997"
},
{
"category": "external",
"summary": "SUSE Bug 1258977 for CVE-2026-25997",
"url": "https://bugzilla.suse.com/1258977"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-27T12:05:30Z",
"details": "moderate"
}
],
"title": "CVE-2026-25997"
},
{
"cve": "CVE-2026-26986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-26986"
}
],
"notes": [
{
"category": "general",
"text": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `rail_window_free` dereferences a freed `xfAppWindow` pointer during `HashTable_Free` cleanup because `xf_rail_window_common` calls `free(appWindow)` on title allocation failure without first removing the entry from the `railWindows` hash table, leaving a dangling pointer that is freed again on disconnect. Version 3.23.0 fixes the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-26986",
"url": "https://www.suse.com/security/cve/CVE-2026-26986"
},
{
"category": "external",
"summary": "SUSE Bug 1258967 for CVE-2026-26986",
"url": "https://bugzilla.suse.com/1258967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-27T12:05:30Z",
"details": "moderate"
}
],
"title": "CVE-2026-26986"
},
{
"cve": "CVE-2026-27015",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27015"
}
],
"notes": [
{
"category": "general",
"text": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a missing bounds check in `smartcard_unpack_read_size_align()` (`libfreerdp/utils/smartcard_pack.c:1703`) allows a malicious RDP server to crash the FreeRDP client via a reachable `WINPR_ASSERT` -\u003e `abort()`. The crash occurs in upstream builds where `WITH_VERBOSE_WINPR_ASSERT=ON` (default in FreeRDP 3.22.0 / current WinPR CMake defaults). Smartcard redirection must be explicitly enabled by the user (e.g., `xfreerdp /smartcard`; `/smartcard-logon` implies `/smartcard`). Version 3.23.0 fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27015",
"url": "https://www.suse.com/security/cve/CVE-2026-27015"
},
{
"category": "external",
"summary": "SUSE Bug 1258987 for CVE-2026-27015",
"url": "https://bugzilla.suse.com/1258987"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-27T12:05:30Z",
"details": "moderate"
}
],
"title": "CVE-2026-27015"
},
{
"cve": "CVE-2026-27950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27950"
}
],
"notes": [
{
"category": "general",
"text": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the fix for the heap-use-after-free described in CVE-2026-24680 is incomplete. While the vulnerable execution flow referenced in the advisory exists in the SDL2 implementation, the fix appears to have been applied only to the SDL3 code path. In the SDL2 implementation, the pointer is not nulled after free. This creates a situation where the advisory suggests the vulnerability is fully resolved, while builds or environments still using SDL2 may retain the vulnerable logic. A complete fix is available in version 3.23.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27950",
"url": "https://www.suse.com/security/cve/CVE-2026-27950"
},
{
"category": "external",
"summary": "SUSE Bug 1258941 for CVE-2026-27950",
"url": "https://bugzilla.suse.com/1258941"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-27T12:05:30Z",
"details": "moderate"
}
],
"title": "CVE-2026-27950"
},
{
"cve": "CVE-2026-27951",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27951"
}
],
"notes": [
{
"category": "general",
"text": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the function `Stream_EnsureCapacity` can create an endless blocking loop. This may affect all client and server implementations using `FreeRDP`. For practical exploitation this will only work on 32bit systems where the available physical memory is `\u003e= SIZE_MAX`. Version 3.23.0 contains a patch. No known workarounds are available.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27951",
"url": "https://www.suse.com/security/cve/CVE-2026-27951"
},
{
"category": "external",
"summary": "SUSE Bug 1258939 for CVE-2026-27951",
"url": "https://bugzilla.suse.com/1258939"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-27T12:05:30Z",
"details": "moderate"
}
],
"title": "CVE-2026-27951"
},
{
"cve": "CVE-2026-29774",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-29774"
}
],
"notes": [
{
"category": "general",
"text": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap buffer overflow occurs in the FreeRDP client\u0027s AVC420/AVC444 YUV-to-RGB conversion path due to missing horizontal bounds validation of H.264 metablock regionRects coordinates. In yuv.c, the clamp() function (line 347) only validates top/bottom against the surface/YUV height, but never checks left/right against the surface width. When avc420_yuv_to_rgb (line 67) computes destination and source pointers using rect-\u003eleft, it performs unchecked pointer arithmetic that can reach far beyond the allocated surface buffer. A malicious server sends a WIRE_TO_SURFACE_PDU_1 with AVC420 codec containing a regionRects entry where left greatly exceeds the surface width (e.g., left=60000 on a 128px surface). The H.264 bitstream decodes successfully, then yuv420_process_work_callback calls avc420_yuv_to_rgb which computes pDstPoint = pDstData + rect-\u003etop * nDstStep + rect-\u003eleft * 4, writing 16-byte SSE vectors 1888+ bytes past the allocated heap region. This vulnerability is fixed in 3.24.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-29774",
"url": "https://www.suse.com/security/cve/CVE-2026-29774"
},
{
"category": "external",
"summary": "SUSE Bug 1259689 for CVE-2026-29774",
"url": "https://bugzilla.suse.com/1259689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-27T12:05:30Z",
"details": "moderate"
}
],
"title": "CVE-2026-29774"
},
{
"cve": "CVE-2026-29775",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-29775"
}
],
"notes": [
{
"category": "general",
"text": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap out-of-bounds read/write occurs in FreeRDP\u0027s bitmap cache subsystem due to an off-by-one boundary check in bitmap_cache_put. A malicious server can send a CACHE_BITMAP_ORDER (Rev1) with cacheId equal to maxCells, bypassing the guard and accessing cells[] one element past the allocated array. This vulnerability is fixed in 3.24.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-29775",
"url": "https://www.suse.com/security/cve/CVE-2026-29775"
},
{
"category": "external",
"summary": "SUSE Bug 1259684 for CVE-2026-29775",
"url": "https://bugzilla.suse.com/1259684"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-27T12:05:30Z",
"details": "low"
}
],
"title": "CVE-2026-29775"
},
{
"cve": "CVE-2026-29776",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-29776"
}
],
"notes": [
{
"category": "general",
"text": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, Integer Underflow in update_read_cache_bitmap_order Function of FreeRDP\u0027s Core Library This vulnerability is fixed in 3.24.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-29776",
"url": "https://www.suse.com/security/cve/CVE-2026-29776"
},
{
"category": "external",
"summary": "SUSE Bug 1259692 for CVE-2026-29776",
"url": "https://bugzilla.suse.com/1259692"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-27T12:05:30Z",
"details": "low"
}
],
"title": "CVE-2026-29776"
},
{
"cve": "CVE-2026-31884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31884"
}
],
"notes": [
{
"category": "general",
"text": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, division by zero in MS-ADPCM and IMA-ADPCM decoders when nBlockAlign is 0, leading to a crash. In libfreerdp/codec/dsp.c, both ADPCM decoders use size % block_size where block_size = context-\u003ecommon.format.nBlockAlign. The nBlockAlign value comes from the Server Audio Formats PDU on the RDPSND channel. The value 0 is not validated anywhere before reaching the decoder. When nBlockAlign = 0, the modulo operation causes a SIGFPE (floating point exception) crash. This vulnerability is fixed in 3.24.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31884",
"url": "https://www.suse.com/security/cve/CVE-2026-31884"
},
{
"category": "external",
"summary": "SUSE Bug 1259680 for CVE-2026-31884",
"url": "https://bugzilla.suse.com/1259680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-27T12:05:30Z",
"details": "moderate"
}
],
"title": "CVE-2026-31884"
},
{
"cve": "CVE-2026-31897",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31897"
}
],
"notes": [
{
"category": "general",
"text": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in freerdp_bitmap_decompress_planar when SrcSize is 0. The function dereferences *srcp (which points to pSrcData) without first verifying that SrcSize \u003e= 1. When SrcSize is 0 and pSrcData is non-NULL, this reads one byte past the end of the source buffer. This vulnerability is fixed in 3.24.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31897",
"url": "https://www.suse.com/security/cve/CVE-2026-31897"
},
{
"category": "external",
"summary": "SUSE Bug 1259693 for CVE-2026-31897",
"url": "https://bugzilla.suse.com/1259693"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-server-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:freerdp-wayland-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libuwac0-0-3.10.3-150700.3.14.1.s390x",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-devel-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-proxy-plugins-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-sdl-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:freerdp-server-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libfreerdp3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:librdtk0-0-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:libwinpr3-3-3.10.3-150700.3.14.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:winpr-devel-3.10.3-150700.3.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-27T12:05:30Z",
"details": "low"
}
],
"title": "CVE-2026-31897"
}
]
}
WID-SEC-W-2026-0514
Vulnerability from csaf_certbund - Published: 2026-02-24 23:00 - Updated: 2026-04-09 22:00Summary
FreeRDP: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: FreeRDP ist eine freie Implementierung des Remote Desktop Protocol (RDP).
Angriff: Ein Angreifer kann mehrere Schwachstellen in FreeRDP ausnutzen, um beliebigen Programmcode auszuführen, und um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "FreeRDP ist eine freie Implementierung des Remote Desktop Protocol (RDP).",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in FreeRDP ausnutzen, um beliebigen Programmcode auszuf\u00fchren, und um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0514 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0514.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0514 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0514"
},
{
"category": "external",
"summary": "FreeRDP 3.23.0 Release Notes vom 2026-02-24",
"url": "https://www.freerdp.com/2026/02/25/3_23_0-release"
},
{
"category": "external",
"summary": "FreeRDP GitHub vom 2026-02-24",
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories"
},
{
"category": "external",
"summary": "FreeRDP GitHub CVE-2026-26965 vom 2026-02-24 mit PoC",
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5vgf-mw4f-r33h"
},
{
"category": "external",
"summary": "FreeRDP GitHub CVE-2026-26955 vom 2026-02-24 mit PoC",
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mr6w-ch7c-mqqj"
},
{
"category": "external",
"summary": "FreeRDP GitHub CVE-2026-25955 vom 2026-02-24 mit PoC",
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4g54-x8v7-559x"
},
{
"category": "external",
"summary": "FreeRDP GitHub CVE-2026-25954 vom 2026-02-24 mit PoC",
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cc88-4j37-mw6j"
},
{
"category": "external",
"summary": "FreeRDP GitHub CVE-2026-25953 vom 2026-02-24 mit PoC",
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-p6rq-rxpc-rh3p"
},
{
"category": "external",
"summary": "FreeRDP GitHub CVE-2026-25952 vom 2026-02-24 mit PoC",
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgqm-cwjg-7w9x"
},
{
"category": "external",
"summary": "FreeRDP GitHub CVE-2026-25942 vom 2026-02-24 mit PoC",
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-78q6-67m7-wwf6"
},
{
"category": "external",
"summary": "FreeRDP GitHub CVE-2026-26986 vom 2026-02-24 mit PoC",
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-crqx-g6x5-rx47"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-53FE996A57 vom 2026-02-26",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-53fe996a57"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-BE60DD75D9 vom 2026-02-26",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-be60dd75d9"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-A160E550EC vom 2026-02-26",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-a160e550ec"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8105-1 vom 2026-03-18",
"url": "https://ubuntu.com/security/notices/USN-8105-1"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2026-3199 vom 2026-03-19",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3199.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8105-2 vom 2026-03-19",
"url": "https://ubuntu.com/security/notices/USN-8105-2"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:5936 vom 2026-03-26",
"url": "https://access.redhat.com/errata/RHSA-2026:5936"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:5939 vom 2026-03-26",
"url": "https://access.redhat.com/errata/RHSA-2026:5939"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-5939 vom 2026-03-26",
"url": "https://linux.oracle.com/errata/ELSA-2026-5939.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1129-1 vom 2026-03-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025021.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:6004 vom 2026-03-30",
"url": "https://access.redhat.com/errata/RHSA-2026:6004"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-6004 vom 2026-03-30",
"url": "https://linux.oracle.com/errata/ELSA-2026-6004.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-6005 vom 2026-03-30",
"url": "https://linux.oracle.com/errata/ELSA-2026-6005.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:6005 vom 2026-03-30",
"url": "https://access.redhat.com/errata/RHSA-2026:6005"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1160-1 vom 2026-03-31",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025071.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1165-1 vom 2026-04-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025117.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:6395 vom 2026-04-01",
"url": "https://access.redhat.com/errata/RHSA-2026:6395"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2026-3221 vom 2026-04-01",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3221.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1164-1 vom 2026-04-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025118.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:10459-1 vom 2026-04-01",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/34ABPSLQFVRGFKDSR5ZEDKG5UH6KIBCA/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:6396 vom 2026-04-01",
"url": "https://access.redhat.com/errata/RHSA-2026:6396"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:6385 vom 2026-04-01",
"url": "https://access.redhat.com/errata/RHSA-2026:6385"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:6384 vom 2026-04-01",
"url": "https://access.redhat.com/errata/RHSA-2026:6384"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:6616 vom 2026-04-06",
"url": "https://access.redhat.com/errata/RHSA-2026:6616"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:6665 vom 2026-04-06",
"url": "https://access.redhat.com/errata/RHSA-2026:6665"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:6005 vom 2026-04-07",
"url": "https://errata.build.resf.org/RLSA-2026:6005"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:6712 vom 2026-04-06",
"url": "https://access.redhat.com/errata/RHSA-2026:6712"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:6764 vom 2026-04-07",
"url": "https://access.redhat.com/errata/RHSA-2026:6764"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:7292 vom 2026-04-09",
"url": "https://access.redhat.com/errata/RHSA-2026:7292"
}
],
"source_lang": "en-US",
"title": "FreeRDP: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-04-09T22:00:00.000+00:00",
"generator": {
"date": "2026-04-10T07:16:51.742+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0514",
"initial_release_date": "2026-02-24T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-02-24T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-02-25T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Fedora und European Union Vulnerability Database aufgenommen"
},
{
"date": "2026-03-18T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2026-03-19T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Amazon und Ubuntu aufgenommen"
},
{
"date": "2026-03-25T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-03-26T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-03-29T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE und Red Hat aufgenommen"
},
{
"date": "2026-03-30T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
},
{
"date": "2026-03-31T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-04-01T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE, Red Hat, Amazon und openSUSE aufgenommen"
},
{
"date": "2026-04-06T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat und Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2026-04-09T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "12"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.23.0",
"product": {
"name": "Open Source FreeRDP \u003c3.23.0",
"product_id": "T051175"
}
},
{
"category": "product_version",
"name": "3.23.0",
"product": {
"name": "Open Source FreeRDP 3.23.0",
"product_id": "T051175-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:freerdp:freerdp:3.23.0"
}
}
}
],
"category": "product_name",
"name": "FreeRDP"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25941",
"product_status": {
"known_affected": [
"T051175",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2026-02-24T23:00:00.000+00:00",
"title": "CVE-2026-25941"
},
{
"cve": "CVE-2026-25942",
"product_status": {
"known_affected": [
"T051175",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2026-02-24T23:00:00.000+00:00",
"title": "CVE-2026-25942"
},
{
"cve": "CVE-2026-25952",
"product_status": {
"known_affected": [
"T051175",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2026-02-24T23:00:00.000+00:00",
"title": "CVE-2026-25952"
},
{
"cve": "CVE-2026-25953",
"product_status": {
"known_affected": [
"T051175",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2026-02-24T23:00:00.000+00:00",
"title": "CVE-2026-25953"
},
{
"cve": "CVE-2026-25954",
"product_status": {
"known_affected": [
"T051175",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2026-02-24T23:00:00.000+00:00",
"title": "CVE-2026-25954"
},
{
"cve": "CVE-2026-25955",
"product_status": {
"known_affected": [
"T051175",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2026-02-24T23:00:00.000+00:00",
"title": "CVE-2026-25955"
},
{
"cve": "CVE-2026-25959",
"product_status": {
"known_affected": [
"T051175",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2026-02-24T23:00:00.000+00:00",
"title": "CVE-2026-25959"
},
{
"cve": "CVE-2026-25997",
"product_status": {
"known_affected": [
"T051175",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2026-02-24T23:00:00.000+00:00",
"title": "CVE-2026-25997"
},
{
"cve": "CVE-2026-26271",
"product_status": {
"known_affected": [
"T051175",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2026-02-24T23:00:00.000+00:00",
"title": "CVE-2026-26271"
},
{
"cve": "CVE-2026-26955",
"product_status": {
"known_affected": [
"T051175",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2026-02-24T23:00:00.000+00:00",
"title": "CVE-2026-26955"
},
{
"cve": "CVE-2026-26965",
"product_status": {
"known_affected": [
"T051175",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2026-02-24T23:00:00.000+00:00",
"title": "CVE-2026-26965"
},
{
"cve": "CVE-2026-26986",
"product_status": {
"known_affected": [
"T051175",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2026-02-24T23:00:00.000+00:00",
"title": "CVE-2026-26986"
},
{
"cve": "CVE-2026-27015",
"product_status": {
"known_affected": [
"T051175",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2026-02-24T23:00:00.000+00:00",
"title": "CVE-2026-27015"
},
{
"cve": "CVE-2026-27950",
"product_status": {
"known_affected": [
"T051175",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2026-02-24T23:00:00.000+00:00",
"title": "CVE-2026-27950"
},
{
"cve": "CVE-2026-27951",
"product_status": {
"known_affected": [
"T051175",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2026-02-24T23:00:00.000+00:00",
"title": "CVE-2026-27951"
}
]
}
FKIE_CVE-2026-27950
Vulnerability from fkie_nvd - Published: 2026-02-25 22:16 - Updated: 2026-02-27 19:10
Severity ?
Summary
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the fix for the heap-use-after-free described in CVE-2026-24680 is incomplete. While the vulnerable execution flow referenced in the advisory exists in the SDL2 implementation, the fix appears to have been applied only to the SDL3 code path. In the SDL2 implementation, the pointer is not nulled after free. This creates a situation where the advisory suggests the vulnerability is fully resolved, while builds or environments still using SDL2 may retain the vulnerable logic. A complete fix is available in version 3.23.0.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/FreeRDP/FreeRDP/blob/master/client/SDL/SDL2/sdl_pointer.cpp#L63-L64 | Product | |
| security-advisories@github.com | https://github.com/FreeRDP/FreeRDP/commit/5f62aa11c1bdf00f94c40ea9ebb260a752740b80 | Patch | |
| security-advisories@github.com | https://github.com/FreeRDP/FreeRDP/commit/c42ecbd183b001e76bfc3614cddfad0034acc758 | Patch | |
| security-advisories@github.com | https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rvfg-86cr-5r6p | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31715854-6D23-4207-AB69-27707C7B2D42",
"versionEndExcluding": "3.23.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the fix for the heap-use-after-free described in CVE-2026-24680 is incomplete. While the vulnerable execution flow referenced in the advisory exists in the SDL2 implementation, the fix appears to have been applied only to the SDL3 code path. In the SDL2 implementation, the pointer is not nulled after free. This creates a situation where the advisory suggests the vulnerability is fully resolved, while builds or environments still using SDL2 may retain the vulnerable logic. A complete fix is available in version 3.23.0."
},
{
"lang": "es",
"value": "FreeRDP es una implementaci\u00f3n gratuita del Protocolo de Escritorio Remoto. Antes de la versi\u00f3n 3.23.0, la correcci\u00f3n para el uso despu\u00e9s de liberaci\u00f3n del mont\u00f3n descrita en CVE-2026-24680 est\u00e1 incompleta. Aunque el flujo de ejecuci\u00f3n vulnerable referenciado en el aviso existe en la implementaci\u00f3n de SDL2, la correcci\u00f3n parece haberse aplicado solo a la ruta de c\u00f3digo de SDL3. En la implementaci\u00f3n de SDL2, el puntero no se anula despu\u00e9s de la liberaci\u00f3n. Esto crea una situaci\u00f3n donde el aviso sugiere que la vulnerabilidad est\u00e1 completamente resuelta, mientras que las compilaciones o entornos que a\u00fan usan SDL2 pueden retener la l\u00f3gica vulnerable. Una correcci\u00f3n completa est\u00e1 disponible en la versi\u00f3n 3.23.0."
}
],
"id": "CVE-2026-27950",
"lastModified": "2026-02-27T19:10:21.367",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-02-25T22:16:27.297",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/FreeRDP/FreeRDP/blob/master/client/SDL/SDL2/sdl_pointer.cpp#L63-L64"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/FreeRDP/FreeRDP/commit/5f62aa11c1bdf00f94c40ea9ebb260a752740b80"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/FreeRDP/FreeRDP/commit/c42ecbd183b001e76bfc3614cddfad0034acc758"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rvfg-86cr-5r6p"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…