Debian Freerdp3 vulnerabilities

CVE-2026-31897 [NONE] CVE-2026-31897: freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0... FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in freerdp_bitmap_decompress_planar when SrcSize is 0. The function dereferences *srcp (which points to pSrcData) without first verifying that SrcSize >= 1. When SrcSize is 0 and pSrcData is non-NULL, this reads one byte past the end of the source buffer

CVE-2025-68118 [MEDIUM] CVE-2025-68118: freerdp3 - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to versio... FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.0, a vulnerability exists in FreeRDP’s certificate handling code on Windows platforms. The function `freerdp_certificate_data_hash_ uses` the Microsoft-specific `_snprintf` function to format certificate cache filenames without guaranteeing NUL termination when truncation occur

CVE-2025-4478 [MEDIUM] CVE-2025-4478: freerdp2 - A flaw was found in the FreeRDP used by Anaconda's remote install feature, where... A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference. Rebooting is required to recover the system. Scope: local bookworm:

CVE-2024-32658 [CRITICAL] CVE-2024-32658: freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based c... FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. Version 3.5.1 contains a patch for the issue. No known workarounds are available. Scope: local bookworm: resolved (fixed in 2.11.7+dfsg1-6~deb12u1) bullseye: resolved (fixed in 2.3.0+dfsg1-2+deb11u2)

CVE-2024-32458 [CRITICAL] CVE-2024-32458: freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based c... FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use `/gfx` or `/rfx` modes (on by default, require server side support). Scope: local bookworm: resolved (fixed in 2.11.7+d

CVE-2024-32459 [CRITICAL] CVE-2024-32459: freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based c... FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available. Scope: local bookworm: resolved (fixed in 2.11.7+dfsg1-6~deb12u1) bullseye: resolved (fixed

CVE-2024-32039 [CRITICAL] CVE-2024-32039: freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based c... FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default). Scope: loca

CVE-2024-32041 [CRITICAL] CVE-2024-32041: freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based c... FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, deactivate `/gfx` (on by default, set `/bpp` or `/rfx` options instead. Scope: local bookworm: resolved (fixed in 2.11.7+df

CVE-2024-32659 [CRITICAL] CVE-2024-32659: freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based c... FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version 3.5.1 contains a patch for the issue. No known workarounds are available. Scope: local bookworm: resolved (fixed in 2.11.7+dfsg1-6~deb12u1) bullseye: resolved (fixed i

CVE-2024-32661 [HIGH] CVE-2024-32661: freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based c... FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available. Scope: local bookworm: resolved (fixed in 2.11.7+dfsg1-6~deb12u1) bullseye: resolved (fixed in 2.3.0+dfsg1-2+deb11u2)

CVE-2024-32040 [HIGH] CVE-2024-32040: freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based c... FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and have connections to servers using the `NSC` codec are vulnerable to integer underflow. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use the NSC codec (e.g. use `-nsc`). Scope: local bookworm: resolve

CVE-2024-32660 [HIGH] CVE-2024-32660: freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to versio... FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending invalid huge allocation size. Version 3.5.1 contains a patch for the issue. No known workarounds are available. Scope: local bookworm: resolved (fixed in 2.11.7+dfsg1-6~deb12u1) bullseye: resolved (fixed in 2.3.0+dfsg1-

CVE-2024-32460 [HIGH] CVE-2024-32460: freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based b... FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based based clients using `/bpp:32` legacy `GDI` drawing path with a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use modern drawing paths (e.g. `/rfx` or `/gfx` options). The workaround requires s

CVE-2024-32662 [HIGH] CVE-2024-32662: freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based c... FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. This occurs when `WCHAR` string is read with twice the size it has and converted to `UTF-8`, `base64` decoded. The string is only used to compare against the redirection server certificate. Version 3.5.1 contains a patc