SUSE Package Hub - SUSE-PackageHub-16.0-663

Update Info

SUSE-PackageHub-16.0-663

Security update for freerdp

Type: security
Severity: important
Issued: 2026-04-30
Description:
This update for freerdp fixes the following issues:

Update to version 3.24.2.

Security issues fixed:

- CVE-2026-25941: out-of-bounds read in the FreeRDP client RDPGFX channel (bsc#1258919).
- CVE-2026-25942: buffer overflow of global array in `xf_rail_server_execute_result` (bsc#1258920).
- CVE-2026-25952: heap use-after-free in `xf_SetWindowMinMaxInfo` (bsc#1258921).
- CVE-2026-25953: heap use-after-free in `xf_AppUpdateWindowFromSurface` (bsc#1258923).
- CVE-2026-25954: heap use-after-free in `xf_rail_server_local_move_size` (bsc#1258924).
- CVE-2026-25955: heap use-after-free in `xf_AppUpdateWindowFromSurface` (bsc#1258973).
- CVE-2026-25959: heap use-after-free in `xf_cliprdr_provide_data_` (bsc#1258976).
- CVE-2026-25997: heap use-after-free in `xf_clipboard_format_equal` (bsc#1258977).
- CVE-2026-26271: buffer overread in FreeRDP icon processing (bsc#1258979).
- CVE-2026-26955: out-of-bounds write in FreeRDP clients using the GDI surface pipeline (bsc#1258982).
- CVE-2026-26965: out-of-bounds write in FreeRDP client RLE planar decode path (bsc#1258985).
- CVE-2026-29774: heap buffer overflow in the FreeRDP client's AVC420/AVC444 YUV-to-RGB conversion path (bsc#1259689).
- CVE-2026-29775: out-of-bounds access in the FreeRDP client bitmap cache subsystem (bsc#1259684).
- CVE-2026-29776: integer underflow in `update_read_cache_bitmap_order` (bsc#1259692).
- CVE-2026-31806: heap buffer overflow in `nsc_process_message` (bsc#1259653).
- CVE-2026-31883: heap buffer overwrite due to a `size_t` underflow in the IMA-ADPCM and MS-ADPCM audio decoders
  (bsc#1259679).
- CVE-2026-31884: division by zero in MS-ADPCM and IMA-ADPCM decoders (bsc#1259680).
- CVE-2026-31885: out-of-bounds read in MS-ADPCM and IMA-ADPCM decoders (bsc#1259686).
- CVE-2026-31897: out-of-bounds read in `freerdp_bitmap_decompress_planar` (bsc#1259693).
- CVE-2026-33952: client-side crash due to `WINPR_ASSERT()` failure in `rts_read_auth_verifier_no_checks()`
  (bsc#1261196).
- CVE-2026-33977: client-side crash due to `WINPR_ASSERT()` failure in IMA ADPCM audio decoder (bsc#1261198).
- CVE-2026-33982: heap buffer overread in in `winpr_aligned_offset_recalloc` (bsc#1261222).
- CVE-2026-33983: undefined behavior and resource exhaustion via 80 billion iteration loop in
  `progressive_decompress_tile_upgrade` (bsc#1261200).
- CVE-2026-33984: heap buffer overflow in ClearCodec `resize_vbar_entry` (bsc#1261211).
- CVE-2026-33985: heap out-of-bounds read in `clear_decompress_glyph_data` (bsc#1261217).
- CVE-2026-33986: heap out-of-bounds write due to H.264 YUV buffer dimension desync (bsc#1261223).
- CVE-2026-33987: heap out-of-bounds write due to persistent cache bmpSize desync (bsc#1261226).
- CVE-2026-33995: double-free vulnerability in `kerberos_AcceptSecurityContext` and
  `kerberos_InitializeSecurityContextA` (bsc#1261227).

Other updates and bugfixes:

- Version 3.24.2:
  * [channels,video] fix wrong cast (#12511)
  * [codec,openh264] reject encoder ABI mismatch on runtime-loaded library (#12510)
  * [client,sdl] create a copy of rdpPointer (#12512)
  * [codec,video] properly pass intermediate format (#12518)
  * [utils, signal] lazily initialize Windows CRITICAL_SECTION to match POSIX static mutex behavior (#12520) winpr:
    improve libunwind backtraces (#12530)
  * [server,shadow] remember selected caps (#12528)
  * Zero credential data before free in NLA and NTLM context (#12532)
  * [server,proxy] ignore missing client in input channel (#12536)
  * [server,proxy] ignore rdpdr messages (#12537)
  * [winpr,sspi] improve kerberos logging (#12538)
  * Codec fixes (#12542)

- Version 3.24.1:
  * [warnings] fix various sign and cast warnings (#12480)
  * [client,x11] start with xfc->remote_app = TRUE; (#12491)
  * Sam file read regression fix (#12484)
  * [ncrypt,smartcardlogon] support ECC keys in PKCS#11 smartcard enumeration (#12490)
  * Fix: memory leak in rdp_client_establish_keys() (#12494)
  * Fix memory leak in freerdp_settings_int_buffer_copy() on error paths (libfreerdp/core/settings.c) (#12486)
  * Code Cleanups (#12493)
  * Fix: memory leak in PCSC_SCardListReadersW() (#12495)
  * [channels,telemetry] use dynamic logging (#12496)
  * [channel,gfx] use generic plugin log (@12498, #12499)
  * [channels,audin] set error when audio_format_read fails (#12500)
  * [channels,video] unify error handling (#12502)
  * Fastpath fine grained lock (#12503)
  * [core,update] make the PlaySound callback non-mandatory (#12504)
  * Refinements: RPM build updates, FIPS improvements (#12506)

- Version 3.24.0:
  * Completed the [[nodiscard]] marking of the API to warn about problematic
  * unchecked use of functions
  * Added full C23 support (default stays at C11) to allow new compilers
  * to do stricter checking
  * Improved X11 and SDL3 clients
  * Improved smartcard support
  * proxy now supports RFX graphics mode
  * Attribute nodiscard related chanes (#12325, #12360, #12395, #12406, #12421, #12426, #12177, #12403, #12405, #12407,
    #12409, #12408, #12412, #12413)
  * c23 related improvements (#12368, #12371, #12379, #12381, #12383, #12385, #12386, #12387, #12384)
  * Generic code cleanups (#12382, #12439, #12455, #12462, #12399, #12473) [core,utils] ignore NULL values in
    remove_rdpdr_type (#12372)
  * [codec,fdk] revert use of WinPR types (#12373)
  * [core,gateway] ignore incomplete rpc header (#12375, #12376)
  * [warnings] make function declaration names consistent (#12377)
  * [libfreerdp] Add new define for logon error info (#12380)
  * [client,x11] improve rails window locking (#12392)
  * Reload fix missing null checks (#12396)
  * Bounds checks (#12400)
  * [server,proxy] check for nullptr before using scard_call_context (#12404)
  * [uwac] fix rectangular glitch around surface damage regions (#12410)
  * Address various error handling inconsistencies (#12411)
  * [core,server] Improve WTS API locking (#12414)
  * Address some GCC compile issues (#12415, #12420)
  * Winpr atexit (#12416)
  * [winpr,smartcard] fix function pointer casts (#12422)
  * Xf timer fix (#12423)
  * [client,sdl] workaround for wlroots compositors (#12425)
  * [client,sdl] fix SdlWindow::query (#12378)
  * [winpr,smartcard] fix PCSC_ReleaseCardContext (#12427)
  * [client,x11] eliminate obsolete compile flags (#12428)
  * [client,common] skip sending input events when not connected (#12429)
  * Input connected checks (#12430)
  * Floatbar and display channel improvements (#12431)
  * [winpr,platform] fix WINPR_ATTR_NODISCARD definition (#12432)
  * [client] Fix writing of gatewayusagemethod to .rdp files (#12433)
  * Nodiscard finetune (#12435)
  * [core] fix missing gateway credential sync (#12436)
  * [client,sdl3] limit FREERDP_WLROOTS_HACK (#12441)
  * [core,settings] Allow FreeRDP_instance in setter (#12442)
  * [codec,h264] make log message trace (#12444)
  * X11 rails improve (#12440)
  * [codec,nsc] limit copy area in nsc_process_message (#12448)
  * Proxy support RFX and NSC settings (#12449)
  * [client,common] display a shortened help on parsing issues (#12450)
  * [winpr,smartcard] refine locking for pcsc layer (#12451)
  * [codec,swscale] allow runtime loading of swscale (#12452)
  * Swscale fallback (#12454)
  * Sdl multi scaling support (#12456)
  * [packaging,flatpak] update runtime and dependencies (#12457)
  * [codec,video] add doxygen version details (#12458)
  * [github,templates] update templates (#12460)
  * [client,sdl] allow FREERDP_WLROOTS_HACK for all sessions (#12461)
  * [warnings,nodiscard] add log messages for failures (#12463)
  * [gdi,gdi] ignore empty rectangles (#12467)
  * Smartcard fix smartcard-login, pass rdpContext for abort (#12466)
  * [winpr,smartcard] fix compiler warnings (#12469)
  * [winpr,timezone] fix search for transition dates (#12468)
  * [client,common] improve /p help (#12471)
  * Scard logging refactored (#12472)
  * [emu,scard] fix smartcard emulation (#12475)
  * Sdl null cursor (#12474)

- Version 3.23.0:
  * Sdl cleanup (#12202)
  * [client,sdl] do not apply window offset (#12205)
  * [client,sdl] add SDL_Error to exceptions (#12214)
  * Rdp monitor log (#12215)
  * [winpr,smartcard] implement some attributes (#12213)
  * [client,windows] Fix return value checks for mouse event functions (#12279)
  * [channels,rdpecam] fix sws context checks (#12272)
  * [client,windows] Enhance error handling and context validation (#12264)
  * [client,windows] Add window handle validation in RDP_EVENT_TYPE_WINDOW_NEW (#12261)
  * [client,sdl] fix multimon/fullscreen on wayland (#12248)
  * Vendor by app (#12207)
  * [core,gateway] relax TSG parsing (#12283)
  * [winpr,smartcard] simplify PCSC_ReadDeviceSystemName (#12273)
  * [client,windows] Implement complete keyboard indicator synchronization (#12268)
  * Fixes more more more (#12286)
  * Use application details for names (#12285)
  * warning cleanups (#12289)
  * Warning cleanup (#12291)
  * [client,windows] Enhance memory safety with NULL checks and resource protection (#12271)
  * [client,x11] apply /size:xx% only once (#12293)
  * Freerdp config test (#12295)
  * [winpr,smartcard] fix returned attribute length (#12296)
  * [client,SDL3] Fix properly handle smart-sizing with fullscreen (#12298)
  * [core,test] fix use after free (#12299)
  * Sign warnings (#12300)
  * [cmake,compiler] disable -Wjump-misses-init (#12301)
  * [codec,color] fix input length checks (#12302)
  * [client,sdl] improve cursor updates, fix surface sizes (#12303)
  * Sdl fullscreen (#12217)
  * [client,sdl] fix move constructor of SdlWindow (#12305)
  * [utils,smartcard] check stream length on padding (#12306)
  * [android] Fix invert scrolling default value mismatch (#12309)
  * Clear fix bounds checks (#12310)
  * Winpr attr nodiscard fkt ptr (#12311)
  * [codec,planar] fix missing destination bounds checks (#12312)
  * [codec,clear] fix destination checks (#12315)
  * NSC Codec fixes (#12317)
  * Freerdp api nodiscard (#12313)
  * [allocations] fix growth of preallocated buffers (#12319)
  * Rdpdr simplify (#12320)
  * Resource fix (#12323)
  * [winpr,utils] ensure message queue capacity (#12322)
  * [server,shadow] fix return and parameter checks (#12330)
  * Shadow fixes (#12331)
  * [rdtk,nodiscard] mark rdtk API nodiscard (#12329)
  * [client,x11] fix XGetWindowProperty return handling (#12334)
  * Win32 signal (#12335)
  * [channel,usb] fix message parsing and creation (#12336)
  * [cmake] Define WINPR_DEFINE_ATTR_NODISCARD (#12338)
  * Proxy config fix (#12345)
  * [codec,progressive] refine progressive decoding (#12347)
  * [client,sdl] fix sdl_Pointer_New (#12350)
  * [core,gateway] parse [MS-TSGU] 2.2.10.5 HTTP_CHANNEL_RESPONSE_OPTIONAL (#12353)
  * X11 kbd sym (#12354)
  * Windows compile warning fixes (#12357,#12358,#12359)
References

Packages

freerdp-3.24.2-160000.1.1