libwinpr-devel (AlmaLinux:10) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:10 package libwinpr-devel, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (41)
CVE-2026-22852 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a malicious RDP server can trigger a heap-buffer-overflow…
CVE-2026-23883 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, `xf_Pointer_New` frees `cursorPixels` on failure…
CVE-2026-23884 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves `gdi->drawing`…
CVE-2026-23530 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0,`freerdp_bitmap_decompress_planar` does not…
CVE-2026-23531 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, in ClearCodec, when `glyphData` is present…
CVE-2026-31806 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, the gdi_surface_bits() function processes…
CVE-2026-25952 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_SetWindowMinMaxInfo` dereferences a freed…
CVE-2026-25997 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_clipboard_format_equal` reads freed…
CVE-2026-22854 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a…
CVE-2026-22853 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR’s NDR array reader does not perform bounds…
CVE-2026-23532 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the…
CVE-2026-23533 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the…
CVE-2026-23534 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the…
CVE-2026-22858 — CVSS 9.1 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64…
CVE-2026-24679 — CVSS 9.1 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, The URBDRC client uses server-supplied interface numbers…
CVE-2026-22859 — CVSS 9.1 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, the URBDRC client does not perform bounds checking on…
CVE-2026-22855 — CVSS 9.1 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap out-of-bounds read occurs in the smartcard…
CVE-2026-26955 — CVSS 8.8 (high): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP server can trigger a heap buffer…
CVE-2026-26965 — CVSS 8.8 (high): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, in the RLE planar decode path…
CVE-2026-22856 — CVSS 8.1 (high): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a…
CVE-2026-24684 — CVSS 7.5 (high): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs…
CVE-2026-23732 — CVSS 7.5 (high): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, FastGlyph parsing trusts `cbData`/remaining…
CVE-2026-23948 — CVSS 7.5 (high): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in…
CVE-2026-24491 — CVSS 7.5 (high): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, video_timer can send client notifications after the…
CVE-2026-24675 — CVSS 7.5 (high): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, urb_select_interface can free the device's MS config on…
CVE-2026-24676 — CVSS 7.5 (high): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, AUDIN format renegotiation frees the active format list…
CVE-2026-24678 — CVSS 7.5 (high): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, A capture thread sends sample responses using a freed…
CVE-2026-24681 — CVSS 7.5 (high): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, aAsynchronous bulk transfer completions can use a freed…
CVE-2026-24682 — CVSS 7.5 (high): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audin_server_recv_formats frees an incorrect number of…
CVE-2026-24683 — CVSS 7.5 (high): FreeRDP is a free implementation of the Remote Desktop Protocol. ainput_send_input_event caches channel_callback in a local variable and…
CVE-2026-26986 — CVSS 7.5 (high): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `rail_window_free` dereferences a freed…
CVE-2026-33984 — CVSS 7.5 (high): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in resize_vbar_entry() in libfreerdp/codec/clear.c…
CVE-2026-33982 — CVSS 7.1 (high): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, there is a heap-buffer-overflow READ…
CVE-2026-33987 — CVSS 7.1 (high): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in persistent_cache_read_entry_v3() in…
CVE-2026-31884 — CVSS 6.5 (medium): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, division by zero in MS-ADPCM and IMA-ADPCM decoders when…
CVE-2026-31885 — CVSS 6.5 (medium): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in MS-ADPCM and IMA-ADPCM…
CVE-2026-33983 — CVSS 6.5 (medium): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, progressive_decompress_tile_upgrade() detects a…
CVE-2025-4478 — CVSS 6.5 (medium): A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault…
CVE-2026-31883 — CVSS 6.5 (medium): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a size_t underflow in the IMA-ADPCM and MS-ADPCM audio…
CVE-2026-33985 — CVSS 5.9 (medium): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data from adjacent heap memory is rendered…
CVE-2026-29775 — CVSS 5.3 (medium): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap out-of-bounds read/write occurs in…