freerdp-devel (AlmaLinux:8) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:8 package freerdp-devel, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (79)
CVE-2026-31806 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, the gdi_surface_bits() function processes…
CVE-2026-23530 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0,`freerdp_bitmap_decompress_planar` does not…
CVE-2026-22854 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a…
CVE-2026-22852 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a malicious RDP server can trigger a heap-buffer-overflow…
CVE-2026-23531 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, in ClearCodec, when `glyphData` is present…
CVE-2026-23532 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the…
CVE-2026-23533 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the…
CVE-2026-23534 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the…
CVE-2026-23883 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, `xf_Pointer_New` frees `cursorPixels` on failure…
CVE-2026-23884 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves `gdi->drawing`…
CVE-2026-25952 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_SetWindowMinMaxInfo` dereferences a freed…
CVE-2026-22859 — CVSS 9.1 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, the URBDRC client does not perform bounds checking on…
CVE-2026-24679 — CVSS 9.1 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, The URBDRC client uses server-supplied interface numbers…
CVE-2026-22855 — CVSS 9.1 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap out-of-bounds read occurs in the smartcard…
CVE-2026-22858 — CVSS 9.1 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64…
CVE-2026-26965 — CVSS 8.8 (high): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, in the RLE planar decode path…
CVE-2026-26955 — CVSS 8.8 (high): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP server can trigger a heap buffer…
CVE-2026-22856 — CVSS 8.1 (high): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a…
CVE-2020-11039 — CVSS 8.0 (high): In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read…
CVE-2026-24681 — CVSS 7.5 (high): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, aAsynchronous bulk transfer completions can use a freed…
CVE-2026-24676 — CVSS 7.5 (high): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, AUDIN format renegotiation frees the active format list…
CVE-2026-23732 — CVSS 7.5 (high): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, FastGlyph parsing trusts `cbData`/remaining…
CVE-2026-24675 — CVSS 7.5 (high): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, urb_select_interface can free the device's MS config on…
CVE-2026-24491 — CVSS 7.5 (high): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, video_timer can send client notifications after the…
CVE-2026-26986 — CVSS 7.5 (high): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `rail_window_free` dereferences a freed…
CVE-2026-33984 — CVSS 7.5 (high): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in resize_vbar_entry() in libfreerdp/codec/clear.c…
CVE-2026-24684 — CVSS 7.5 (high): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs…
CVE-2026-24683 — CVSS 7.5 (high): FreeRDP is a free implementation of the Remote Desktop Protocol. ainput_send_input_event caches channel_callback in a local variable and…
CVE-2026-23948 — CVSS 7.5 (high): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in…
CVE-2020-13396 — CVSS 7.1 (high): An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage…
CVE-2020-11038 — CVSS 6.9 (medium): In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server…
CVE-2026-31883 — CVSS 6.5 (medium): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a size_t underflow in the IMA-ADPCM and MS-ADPCM audio…
CVE-2026-31884 — CVSS 6.5 (medium): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, division by zero in MS-ADPCM and IMA-ADPCM decoders when…
CVE-2026-31885 — CVSS 6.5 (medium): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in MS-ADPCM and IMA-ADPCM…
CVE-2020-11018 — CVSS 6.5 (medium): In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out…
CVE-2026-33983 — CVSS 6.5 (medium): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, progressive_decompress_tile_upgrade() detects a…
CVE-2026-33985 — CVSS 5.9 (medium): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data from adjacent heap memory is rendered…
CVE-2022-39283 — CVSS 5.9 (medium): FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might…
CVE-2021-41159 — CVSS 5.8 (medium): FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to…
CVE-2020-11042 — CVSS 5.5 (medium): In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading a attacker-defined…
CVE-2022-39320 — CVSS 5.5 (medium): FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP may attempt integer addition on too narrow…
CVE-2020-11049 — CVSS 5.5 (medium): In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. This…
CVE-2020-13397 — CVSS 5.5 (medium): An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in…
CVE-2020-11047 — CVSS 5.5 (medium): In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. A malicious server can…
CVE-2020-11046 — CVSS 5.5 (medium): In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds seek in update_read_synchronize that could lead to a later…
CVE-2026-29775 — CVSS 5.3 (medium): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap out-of-bounds read/write occurs in…
CVE-2021-41160 — CVSS 5.3 (medium): FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious…
CVE-2026-27951 — CVSS 5.3 (medium): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the function `Stream_EnsureCapacity` can create…
CVE-2022-39318 — CVSS 4.8 (medium): FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input validation in `urbdrc`…
CVE-2022-39316 — CVSS 4.8 (medium): FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component…
CVE-2022-39317 — CVSS 4.6 (medium): FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a range check for input offset…
CVE-2022-41877 — CVSS 4.6 (medium): FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in `drive`…
CVE-2022-39319 — CVSS 4.6 (medium): FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in the…
CVE-2020-11019 — CVSS 4.3 (medium): In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a…
CVE-2020-11089 — CVSS 3.7 (low): In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions (parallel_process_irp_create, serial_process_irp_create…
CVE-2020-11095 — CVSS 3.5 (low): In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of…
CVE-2020-4030 — CVSS 3.5 (low): In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer…
CVE-2020-15103 — CVSS 3.5 (low): In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients…
CVE-2022-39282 — CVSS 3.5 (low): FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch…
CVE-2020-11099 — CVSS 3.5 (low): In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. A manipulated license packet…
CVE-2020-11098 — CVSS 3.5 (low): In FreeRDP before version 2.1.2, there is an out-of-bound read in glyph_cache_put. This affects all FreeRDP clients with `+glyph-cache`…
CVE-2020-11096 — CVSS 3.5 (low): In FreeRDP before version 2.1.2, there is a global OOB read in update_read_cache_bitmap_v3_order. As a workaround, one can disable bitmap…
CVE-2020-11097 — CVSS 3.5 (low): In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of…
CVE-2020-11088 — CVSS 3.1 (low): In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_NegotiateMessage. This has been fixed in 2.1.0.
CVE-2020-4033 — CVSS 3.1 (low): In FreeRDP before version 2.1.2, there is an out of bounds read in RLEDECOMPRESS. All FreeRDP based clients with sessions with color depth…
CVE-2020-11087 — CVSS 3.1 (low): In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_AuthenticateMessage. This has been fixed in 2.1.0.
CVE-2020-11086 — CVSS 3.1 (low): In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_ntlm_v2_client_challenge that reads up to 28 bytes…
CVE-2022-39347 — CVSS 2.6 (low): FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path…
CVE-2020-11085 — CVSS 2.6 (low): In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_read_format_list. Clipboard format data read (by client or server) might…
CVE-2020-11048 — CVSS 2.2 (low): In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows to abort a session. No data extraction is possible…
CVE-2020-11045 — CVSS 2.2 (low): In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in in update_read_bitmap_data that allows client memory to be read to…
CVE-2020-11044 — CVSS 2.2 (low): In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if…
CVE-2020-11043 — CVSS 2.2 (low): In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfx_process_message_tileset. Invalid data fed to RFX decoder…
CVE-2020-11041 — CVSS 2.2 (low): In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound…
CVE-2020-11525 — CVSS 2.2 (low): libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read.
CVE-2020-11040 — CVSS 2.2 (low): In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on…
CVE-2020-11526 — CVSS 2.2 (low): libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read.
CVE-2020-11058 — CVSS 2.2 (low): In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds…