Debian Freerdp2 vulnerabilities

155 known vulnerabilities affecting debian/freerdp2.

Total CVEs: 155
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 13, HIGH 34, MEDIUM 68, LOW 39

Vulnerabilities

Page 4 of 8
CVE-2026-31897 | Severity: UNKNOWN | CVSS 9.1 | Fixed in: freerdp3 3.24.0+dfsg-1 (forky) | Year: 2026
[NONE] freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in freerdp_bitmap_decompress_planar when SrcSize is 0. The function dereferences *srcp (which points to pSrcData) without first verifying that SrcSize >= 1. When SrcSize is 0 and pSrcData is non-NULL, this reads one byte past the end of the source buffer
Source: debian

CVE-2025-4478 | Severity: LOW | CVSS 6.5 | Fixed in: freerdp3 3.15.0+dfsg-2.1 (forky) | Year: 2025
[MEDIUM] freerdp2 - A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference. Rebooting is required to recover the system. Scope: local bookworm:
Source: debian

CVE-2024-32658 | Severity: CRITICAL | CVSS 9.8 | Fixed in: freerdp2 2.11.7+dfsg1-6~deb12u1 (bookworm) | Year: 2024
[CRITICAL] freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. Version 3.5.1 contains a patch for the issue. No known workarounds are available. Scope: local bookworm: resolved (fixed in 2.11.7+dfsg1-6~deb12u1) bullseye: resolved (fixed in 2.3.0+dfsg1-2+deb11u2)
Source: debian

CVE-2024-32458 | Severity: CRITICAL | CVSS 9.8 | Fixed in: freerdp2 2.11.7+dfsg1-6~deb12u1 (bookworm) | Year: 2024
[CRITICAL] freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use `/gfx` or `/rfx` modes (on by default, require server side support). Scope: local bookworm: resolved (fixed in 2.11.7+d
Source: debian

CVE-2024-32459 | Severity: CRITICAL | CVSS 9.8 | Fixed in: freerdp2 2.11.7+dfsg1-6~deb12u1 (bookworm) | Year: 2024
[CRITICAL] freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available. Scope: local bookworm: resolved (fixed in 2.11.7+dfsg1-6~deb12u1) bullseye: resolved (fixed
Source: debian

CVE-2024-32039 | Severity: CRITICAL | CVSS 9.8 | Fixed in: freerdp2 2.11.7+dfsg1-6~deb12u1 (bookworm) | Year: 2024
[CRITICAL] freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default). Scope: loca
Source: debian

CVE-2024-32041 | Severity: CRITICAL | CVSS 9.8 | Fixed in: freerdp2 2.11.7+dfsg1-6~deb12u1 (bookworm) | Year: 2024
[CRITICAL] freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, deactivate `/gfx` (on by default, set `/bpp` or `/rfx` options instead). Scope: local bookworm: resolved (fixed in 2.11.7+df
Source: debian

CVE-2024-32659 | Severity: CRITICAL | CVSS 9.8 | Fixed in: freerdp2 2.11.7+dfsg1-6~deb12u1 (bookworm) | Year: 2024
[CRITICAL] freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version 3.5.1 contains a patch for the issue. No known workarounds are available. Scope: local bookworm: resolved (fixed in 2.11.7+dfsg1-6~deb12u1) bullseye: resolved (fixed i
Source: debian

CVE-2024-32661 | Severity: HIGH | CVSS 7.5 | Fixed in: freerdp2 2.11.7+dfsg1-6~deb12u1 (bookworm) | Year: 2024
[HIGH] freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available. Scope: local bookworm: resolved (fixed in 2.11.7+dfsg1-6~deb12u1) bullseye: resolved (fixed in 2.3.0+dfsg1-2+deb11u2)
Source: debian

CVE-2024-32040 | Severity: HIGH | CVSS 8.1 | Fixed in: freerdp2 2.11.7+dfsg1-6~deb12u1 (bookworm) | Year: 2024
[HIGH] freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and have connections to servers using the `NSC` codec are vulnerable to integer underflow. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use the NSC codec (e.g. use `-nsc`). Scope: local bookworm: resolve
Source: debian

CVE-2024-32660 | Severity: HIGH | CVSS 7.5 | Fixed in: freerdp2 2.11.7+dfsg1-6~deb12u1 (bookworm) | Year: 2024
[HIGH] freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending an invalid huge allocation size. Version 3.5.1 contains a patch for the issue. No known workarounds are available. Scope: local bookworm: resolved (fixed in 2.11.7+dfsg1-6~deb12u1) bullseye: resolved (fixed in 2.3.0+dfsg1-
Source: debian

CVE-2024-32460 | Severity: HIGH | CVSS 8.1 | Fixed in: freerdp2 2.11.7+dfsg1-6~deb12u1 (bookworm) | Year: 2024
[HIGH] freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using the `/bpp:32` legacy `GDI` drawing path with a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use modern drawing paths (e.g. `/rfx` or `/gfx` options). The workaround requires s
Source: debian

CVE-2024-22211 | Severity: LOW | CVSS 3.7 | Fixed in: freerdp2 2.11.7+dfsg1-6~deb12u1 (bookworm) | Year: 2024
[LOW] freerdp2 - FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow. This affects FreeRDP based clients. FreeRDP based server implementations and proxy are not affected. A malicious server could prepare a `RDPGFX_RESET_GRAPHICS_PDU` to al
Source: debian

CVE-2024-32662 | Severity: LOW | CVSS 7.5 | Fixed in: freerdp3 3.5.1+dfsg1-1 (forky) | Year: 2024
[HIGH] freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. This occurs when a `WCHAR` string is read with twice the size it has and converted to `UTF-8`, `base64` decoded. The string is only used to compare against the redirection server certificate. Version 3.5.1 contains a patc
Source: debian

CVE-2023-39356 | Severity: MEDIUM | CVSS 5.3 | Fixed in: freerdp2 2.11.7+dfsg1-6~deb12u1 (bookworm) | Year: 2023
[MEDIUM] freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a missing offset validation may lead to an Out Of Bound Read in the function `gdi_multi_opaque_rect`. In particular there is no code to validate if the value `multi_opaque_rect->numRectangles` is less than 45. Looping through `multi_opaqu
Source: debian

CVE-2023-40188 | Severity: MEDIUM | CVSS 5.3 | Fixed in: freerdp2 2.11.7+dfsg1-6~deb12u1 (bookworm) | Year: 2023
[MEDIUM] freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_LumaToYUV444` function. This Out-Of-Bounds Read occurs because processing is done on the `in` variable without checking if it contains data of sufficient length. Insufficient data for the
Source: debian

CVE-2023-39351 | Severity: MEDIUM | CVSS 5.3 | Fixed in: freerdp2 2.11.7+dfsg1-6~deb12u1 (bookworm) | Year: 2023
[MEDIUM] freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are subject to a Null Pointer Dereference leading to a crash in the RemoteFX (rfx) handling. Inside the `rfx_process_message_tileset` function, the program allocates tiles using `rfx_allocate_tiles` for the number of numTiles. If the
Source: debian

CVE-2023-40589 | Severity: MEDIUM | CVSS 4.3 | Fixed in: freerdp2 2.11.7+dfsg1-6~deb12u1 (bookworm) | Year: 2023
[MEDIUM] freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted input into this function can trigger the overflow which has only been shown to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-
Source: debian

CVE-2023-40567 | Severity: MEDIUM | CVSS 6.5 | Fixed in: freerdp2 2.11.7+dfsg1-6~deb12u1 (bookworm) | Year: 2023
[MEDIUM] freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function in which there is no offset validation. Abuse of this vulnerability may lead to an out of bounds write. This issue has been addressed in versions 2.11.0 and
Source: debian

CVE-2023-39354 | Severity: MEDIUM | CVSS 5.9 | Fixed in: freerdp2 2.11.7+dfsg1-6~deb12u1 (bookworm) | Year: 2023
[MEDIUM] freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it processes `context->Planes` without checking if it contains data of sufficient length. Should an attacker be able to lev
Source: debian