SUSE-SU-2026:0421-1

CVE-2026-22852: a malicious RDP server can trigger a heap-buffer-overflow in audinprocessformats (bsc#1256718).
CVE-2026-22854: server-controlled read length is used to read file data into an IRP output can cause heap-buffer-overflow in driveprocessirp_read (bsc#1256720).
CVE-2026-22856: race condition in the serial channel IRP thread tracking can cause heap-use-after-free in createirpthread(bsc#1256722).
CVE-2026-22859: improper bound check can lead to heap-buffer-overflow in urbselectconfiguration (bsc#1256725).
CVE-2026-23530: improper validation can lead to heap buffer overflow in planar_decompress_plane_rle (bsc#1256940).
CVE-2026-23531: improper validation in clear_decompress can lead to heap buffer overflow (bsc#1256941).
CVE-2026-23532: mismatch between destination rectangle clamping and the actual copy size can lead to a heap buffer overflow in gdi_SurfaceToSurface (bsc#1256942).
CVE-2026-23534: missing checks can lead to heap buffer overflow in clear_decompress_bands_data (bsc#1256944).

References

Affected packages

Name: freerdp
Purl: pkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.0-150400.3.35.1

{
    "binaries": [
        {
            "libfreerdp2": "2.4.0-150400.3.35.1",
            "libwinpr2": "2.4.0-150400.3.35.1"
        }
    ]
}

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0421-1.json"