Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-31897 (GCVE-0-2026-31897)
Vulnerability from cvelistv5 – Published: 2026-03-13 17:42 – Updated: 2026-03-13 18:10
VLAI?
EPSS
Title
FreeRDP has an out-of-bounds read in `freerdp_bitmap_decompress_planar`
Summary
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in freerdp_bitmap_decompress_planar when SrcSize is 0. The function dereferences *srcp (which points to pSrcData) without first verifying that SrcSize >= 1. When SrcSize is 0 and pSrcData is non-NULL, this reads one byte past the end of the source buffer. This vulnerability is fixed in 3.24.0.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-31897",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-13T18:09:57.983306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-13T18:10:06.909Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FreeRDP",
"vendor": "FreeRDP",
"versions": [
{
"status": "affected",
"version": "\u003c 3.24.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in freerdp_bitmap_decompress_planar when SrcSize is 0. The function dereferences *srcp (which points to pSrcData) without first verifying that SrcSize \u003e= 1. When SrcSize is 0 and pSrcData is non-NULL, this reads one byte past the end of the source buffer. This vulnerability is fixed in 3.24.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-13T17:42:11.932Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xgv6-r22m-7c9x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xgv6-r22m-7c9x"
},
{
"name": "https://github.com/FreeRDP/FreeRDP/commit/cd27c8faca0eeb0d4309cc5837dfdf3c42eba4e7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FreeRDP/FreeRDP/commit/cd27c8faca0eeb0d4309cc5837dfdf3c42eba4e7"
}
],
"source": {
"advisory": "GHSA-xgv6-r22m-7c9x",
"discovery": "UNKNOWN"
},
"title": "FreeRDP has an out-of-bounds read in `freerdp_bitmap_decompress_planar`"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-31897",
"datePublished": "2026-03-13T17:42:11.932Z",
"dateReserved": "2026-03-09T21:59:02.689Z",
"dateUpdated": "2026-03-13T18:10:06.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-31897\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-03-13T19:54:38.023\",\"lastModified\":\"2026-03-17T12:57:00.720\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in freerdp_bitmap_decompress_planar when SrcSize is 0. The function dereferences *srcp (which points to pSrcData) without first verifying that SrcSize \u003e= 1. When SrcSize is 0 and pSrcData is non-NULL, this reads one byte past the end of the source buffer. This vulnerability is fixed in 3.24.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N\",\"baseScore\":0.0,\"baseSeverity\":\"NONE\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":0.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.24.0\",\"matchCriteriaId\":\"97FCA262-35C3-4B6B-A321-15CE780FCA20\"}]}]}],\"references\":[{\"url\":\"https://github.com/FreeRDP/FreeRDP/commit/cd27c8faca0eeb0d4309cc5837dfdf3c42eba4e7\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xgv6-r22m-7c9x\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-31897\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-13T18:09:57.983306Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-13T18:10:02.680Z\"}}], \"cna\": {\"title\": \"FreeRDP has an out-of-bounds read in `freerdp_bitmap_decompress_planar`\", \"source\": {\"advisory\": \"GHSA-xgv6-r22m-7c9x\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 0, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"FreeRDP\", \"product\": \"FreeRDP\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 3.24.0\"}]}], \"references\": [{\"url\": \"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xgv6-r22m-7c9x\", \"name\": \"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xgv6-r22m-7c9x\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/FreeRDP/FreeRDP/commit/cd27c8faca0eeb0d4309cc5837dfdf3c42eba4e7\", \"name\": \"https://github.com/FreeRDP/FreeRDP/commit/cd27c8faca0eeb0d4309cc5837dfdf3c42eba4e7\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in freerdp_bitmap_decompress_planar when SrcSize is 0. The function dereferences *srcp (which points to pSrcData) without first verifying that SrcSize \u003e= 1. When SrcSize is 0 and pSrcData is non-NULL, this reads one byte past the end of the source buffer. This vulnerability is fixed in 3.24.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125: Out-of-bounds Read\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-13T17:42:11.932Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-31897\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-13T18:10:06.909Z\", \"dateReserved\": \"2026-03-09T21:59:02.689Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-13T17:42:11.932Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
WID-SEC-W-2026-0725
Vulnerability from csaf_certbund - Published: 2026-03-12 23:00 - Updated: 2026-04-09 22:00Summary
FreeRDP: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: FreeRDP ist eine freie Implementierung des Remote Desktop Protocol (RDP).
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in FreeRDP ausnutzen, um potenziell beliebigen Code auszuführen, einen Denial-of-Service-Zustand herbeizuführen, Speicherbeschädigungen zu verursachen, Daten zu manipulieren oder vertrauliche Informationen offenzulegen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
References
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "FreeRDP ist eine freie Implementierung des Remote Desktop Protocol (RDP).",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in FreeRDP ausnutzen, um potenziell beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Speicherbesch\u00e4digungen zu verursachen, Daten zu manipulieren oder vertrauliche Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0725 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0725.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0725 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0725"
},
{
"category": "external",
"summary": "FreeRDP 3.24.0 release notes vom 2026-03-12",
"url": "https://www.freerdp.com/2026/03/13/3_24_0-release"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-5q35-hv9x-7794 vom 2026-03-12",
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5q35-hv9x-7794"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-85x9-4xxp-xhm5 vom 2026-03-12",
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-85x9-4xxp-xhm5"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-c747-x4wf-cqrr vom 2026-03-12",
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c747-x4wf-cqrr"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-h23r-3988-3wf3 vom 2026-03-12",
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h23r-3988-3wf3"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-h666-rfw3-jhvj vom 2026-03-12",
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h666-rfw3-jhvj"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-jp7m-94ww-p56r vom 2026-03-12",
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-jp7m-94ww-p56r"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-rrqm-46rj-cmx2 vom 2026-03-12",
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rrqm-46rj-cmx2"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-xgv6-r22m-7c9x vom 2026-03-12",
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xgv6-r22m-7c9x"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-BF4C5BB9C5 vom 2026-03-16",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-bf4c5bb9c5"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-2C1AB5B23B vom 2026-03-16",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-2c1ab5b23b"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-34886ABFAD vom 2026-03-16",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-34886abfad"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-AAE50DC427 vom 2026-03-16",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-aae50dc427"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-07418A381F vom 2026-03-26",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-07418a381f"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1129-1 vom 2026-03-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025021.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1160-1 vom 2026-03-31",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025071.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:6340 vom 2026-04-01",
"url": "https://access.redhat.com/errata/RHSA-2026:6340"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-6340 vom 2026-04-01",
"url": "http://linux.oracle.com/errata/ELSA-2026-6340.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:10459-1 vom 2026-04-01",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/34ABPSLQFVRGFKDSR5ZEDKG5UH6KIBCA/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1164-1 vom 2026-04-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025118.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2026-3221 vom 2026-04-01",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3221.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1165-1 vom 2026-04-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025117.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:6727 vom 2026-04-07",
"url": "https://access.redhat.com/errata/RHSA-2026:6727"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:6743 vom 2026-04-07",
"url": "https://access.redhat.com/errata/RHSA-2026:6743"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:6799 vom 2026-04-07",
"url": "https://access.redhat.com/errata/RHSA-2026:6799"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-6918 vom 2026-04-08",
"url": "https://linux.oracle.com/errata/ELSA-2026-6918.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:6958 vom 2026-04-08",
"url": "https://access.redhat.com/errata/RHSA-2026:6958"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:6340 vom 2026-04-07",
"url": "https://errata.build.resf.org/RLSA-2026:6340"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:6918 vom 2026-04-08",
"url": "https://access.redhat.com/errata/RHSA-2026:6918"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-6799 vom 2026-04-08",
"url": "https://linux.oracle.com/errata/ELSA-2026-6799.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:6918 vom 2026-04-09",
"url": "https://errata.build.resf.org/RLSA-2026:6918"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:6799 vom 2026-04-09",
"url": "https://errata.build.resf.org/RLSA-2026:6799"
}
],
"source_lang": "en-US",
"title": "FreeRDP: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-04-09T22:00:00.000+00:00",
"generator": {
"date": "2026-04-10T07:16:56.098+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0725",
"initial_release_date": "2026-03-12T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-03-12T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-03-15T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Fedora und European Union Vulnerability Database aufgenommen"
},
{
"date": "2026-03-25T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2026-03-29T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-03-31T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-04-01T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Oracle Linux, openSUSE, SUSE und Amazon aufgenommen"
},
{
"date": "2026-04-06T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-04-07T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat, Oracle Linux und Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2026-04-08T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2026-04-09T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
}
],
"status": "final",
"version": "10"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.24.0",
"product": {
"name": "Open Source FreeRDP \u003c3.24.0",
"product_id": "T051732"
}
},
{
"category": "product_version",
"name": "3.24.0",
"product": {
"name": "Open Source FreeRDP 3.24.0",
"product_id": "T051732-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:freerdp:freerdp:3.24.0"
}
}
}
],
"category": "product_name",
"name": "FreeRDP"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-29774",
"product_status": {
"known_affected": [
"T002207",
"67646",
"T027843",
"T051732",
"398363",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2026-03-12T23:00:00.000+00:00",
"title": "CVE-2026-29774"
},
{
"cve": "CVE-2026-29775",
"product_status": {
"known_affected": [
"T002207",
"67646",
"T027843",
"T051732",
"398363",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2026-03-12T23:00:00.000+00:00",
"title": "CVE-2026-29775"
},
{
"cve": "CVE-2026-29776",
"product_status": {
"known_affected": [
"T002207",
"67646",
"T027843",
"T051732",
"398363",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2026-03-12T23:00:00.000+00:00",
"title": "CVE-2026-29776"
},
{
"cve": "CVE-2026-31806",
"product_status": {
"known_affected": [
"T002207",
"67646",
"T027843",
"T051732",
"398363",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2026-03-12T23:00:00.000+00:00",
"title": "CVE-2026-31806"
},
{
"cve": "CVE-2026-31883",
"product_status": {
"known_affected": [
"T002207",
"67646",
"T027843",
"T051732",
"398363",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2026-03-12T23:00:00.000+00:00",
"title": "CVE-2026-31883"
},
{
"cve": "CVE-2026-31884",
"product_status": {
"known_affected": [
"T002207",
"67646",
"T027843",
"T051732",
"398363",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2026-03-12T23:00:00.000+00:00",
"title": "CVE-2026-31884"
},
{
"cve": "CVE-2026-31885",
"product_status": {
"known_affected": [
"T002207",
"67646",
"T027843",
"T051732",
"398363",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2026-03-12T23:00:00.000+00:00",
"title": "CVE-2026-31885"
},
{
"cve": "CVE-2026-31897",
"product_status": {
"known_affected": [
"T002207",
"67646",
"T027843",
"T051732",
"398363",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2026-03-12T23:00:00.000+00:00",
"title": "CVE-2026-31897"
}
]
}
OPENSUSE-SU-2026:10408-1
Vulnerability from csaf_opensuse - Published: 2026-03-23 00:00 - Updated: 2026-03-23 00:00Summary
freerdp-3.24.1-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: freerdp-3.24.1-1.1 on GA media
Description of the patch: These are all security issues fixed in the freerdp-3.24.1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10408
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.3 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.1 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "freerdp-3.24.1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the freerdp-3.24.1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10408",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10408-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25941 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25941/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25942 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25942/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25952 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25952/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25953 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25953/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25954 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25954/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25955 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25955/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25959 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25959/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25997 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25997/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-26271 page",
"url": "https://www.suse.com/security/cve/CVE-2026-26271/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-26955 page",
"url": "https://www.suse.com/security/cve/CVE-2026-26955/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-26965 page",
"url": "https://www.suse.com/security/cve/CVE-2026-26965/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-29774 page",
"url": "https://www.suse.com/security/cve/CVE-2026-29774/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-29775 page",
"url": "https://www.suse.com/security/cve/CVE-2026-29775/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-29776 page",
"url": "https://www.suse.com/security/cve/CVE-2026-29776/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31806 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31883 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31883/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31884 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31885 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31885/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31897 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31897/"
}
],
"title": "freerdp-3.24.1-1.1 on GA media",
"tracking": {
"current_release_date": "2026-03-23T00:00:00Z",
"generator": {
"date": "2026-03-23T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10408-1",
"initial_release_date": "2026-03-23T00:00:00Z",
"revision_history": [
{
"date": "2026-03-23T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "freerdp-3.24.1-1.1.aarch64",
"product": {
"name": "freerdp-3.24.1-1.1.aarch64",
"product_id": "freerdp-3.24.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "freerdp-devel-3.24.1-1.1.aarch64",
"product": {
"name": "freerdp-devel-3.24.1-1.1.aarch64",
"product_id": "freerdp-devel-3.24.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "freerdp-proxy-3.24.1-1.1.aarch64",
"product": {
"name": "freerdp-proxy-3.24.1-1.1.aarch64",
"product_id": "freerdp-proxy-3.24.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"product": {
"name": "freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"product_id": "freerdp-proxy-plugins-3.24.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "freerdp-sdl-3.24.1-1.1.aarch64",
"product": {
"name": "freerdp-sdl-3.24.1-1.1.aarch64",
"product_id": "freerdp-sdl-3.24.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "freerdp-server-3.24.1-1.1.aarch64",
"product": {
"name": "freerdp-server-3.24.1-1.1.aarch64",
"product_id": "freerdp-server-3.24.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "freerdp-wayland-3.24.1-1.1.aarch64",
"product": {
"name": "freerdp-wayland-3.24.1-1.1.aarch64",
"product_id": "freerdp-wayland-3.24.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"product": {
"name": "libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"product_id": "libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libfreerdp3-3-3.24.1-1.1.aarch64",
"product": {
"name": "libfreerdp3-3-3.24.1-1.1.aarch64",
"product_id": "libfreerdp3-3-3.24.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "librdtk0-0-3.24.1-1.1.aarch64",
"product": {
"name": "librdtk0-0-3.24.1-1.1.aarch64",
"product_id": "librdtk0-0-3.24.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libuwac0-0-3.24.1-1.1.aarch64",
"product": {
"name": "libuwac0-0-3.24.1-1.1.aarch64",
"product_id": "libuwac0-0-3.24.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libwinpr3-3-3.24.1-1.1.aarch64",
"product": {
"name": "libwinpr3-3-3.24.1-1.1.aarch64",
"product_id": "libwinpr3-3-3.24.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "rdtk0-devel-3.24.1-1.1.aarch64",
"product": {
"name": "rdtk0-devel-3.24.1-1.1.aarch64",
"product_id": "rdtk0-devel-3.24.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "uwac0-devel-3.24.1-1.1.aarch64",
"product": {
"name": "uwac0-devel-3.24.1-1.1.aarch64",
"product_id": "uwac0-devel-3.24.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "winpr-devel-3.24.1-1.1.aarch64",
"product": {
"name": "winpr-devel-3.24.1-1.1.aarch64",
"product_id": "winpr-devel-3.24.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "freerdp-3.24.1-1.1.ppc64le",
"product": {
"name": "freerdp-3.24.1-1.1.ppc64le",
"product_id": "freerdp-3.24.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "freerdp-devel-3.24.1-1.1.ppc64le",
"product": {
"name": "freerdp-devel-3.24.1-1.1.ppc64le",
"product_id": "freerdp-devel-3.24.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "freerdp-proxy-3.24.1-1.1.ppc64le",
"product": {
"name": "freerdp-proxy-3.24.1-1.1.ppc64le",
"product_id": "freerdp-proxy-3.24.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"product": {
"name": "freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"product_id": "freerdp-proxy-plugins-3.24.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "freerdp-sdl-3.24.1-1.1.ppc64le",
"product": {
"name": "freerdp-sdl-3.24.1-1.1.ppc64le",
"product_id": "freerdp-sdl-3.24.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "freerdp-server-3.24.1-1.1.ppc64le",
"product": {
"name": "freerdp-server-3.24.1-1.1.ppc64le",
"product_id": "freerdp-server-3.24.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "freerdp-wayland-3.24.1-1.1.ppc64le",
"product": {
"name": "freerdp-wayland-3.24.1-1.1.ppc64le",
"product_id": "freerdp-wayland-3.24.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"product": {
"name": "libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"product_id": "libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libfreerdp3-3-3.24.1-1.1.ppc64le",
"product": {
"name": "libfreerdp3-3-3.24.1-1.1.ppc64le",
"product_id": "libfreerdp3-3-3.24.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "librdtk0-0-3.24.1-1.1.ppc64le",
"product": {
"name": "librdtk0-0-3.24.1-1.1.ppc64le",
"product_id": "librdtk0-0-3.24.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libuwac0-0-3.24.1-1.1.ppc64le",
"product": {
"name": "libuwac0-0-3.24.1-1.1.ppc64le",
"product_id": "libuwac0-0-3.24.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libwinpr3-3-3.24.1-1.1.ppc64le",
"product": {
"name": "libwinpr3-3-3.24.1-1.1.ppc64le",
"product_id": "libwinpr3-3-3.24.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rdtk0-devel-3.24.1-1.1.ppc64le",
"product": {
"name": "rdtk0-devel-3.24.1-1.1.ppc64le",
"product_id": "rdtk0-devel-3.24.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "uwac0-devel-3.24.1-1.1.ppc64le",
"product": {
"name": "uwac0-devel-3.24.1-1.1.ppc64le",
"product_id": "uwac0-devel-3.24.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "winpr-devel-3.24.1-1.1.ppc64le",
"product": {
"name": "winpr-devel-3.24.1-1.1.ppc64le",
"product_id": "winpr-devel-3.24.1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "freerdp-3.24.1-1.1.s390x",
"product": {
"name": "freerdp-3.24.1-1.1.s390x",
"product_id": "freerdp-3.24.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "freerdp-devel-3.24.1-1.1.s390x",
"product": {
"name": "freerdp-devel-3.24.1-1.1.s390x",
"product_id": "freerdp-devel-3.24.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "freerdp-proxy-3.24.1-1.1.s390x",
"product": {
"name": "freerdp-proxy-3.24.1-1.1.s390x",
"product_id": "freerdp-proxy-3.24.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "freerdp-proxy-plugins-3.24.1-1.1.s390x",
"product": {
"name": "freerdp-proxy-plugins-3.24.1-1.1.s390x",
"product_id": "freerdp-proxy-plugins-3.24.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "freerdp-sdl-3.24.1-1.1.s390x",
"product": {
"name": "freerdp-sdl-3.24.1-1.1.s390x",
"product_id": "freerdp-sdl-3.24.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "freerdp-server-3.24.1-1.1.s390x",
"product": {
"name": "freerdp-server-3.24.1-1.1.s390x",
"product_id": "freerdp-server-3.24.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "freerdp-wayland-3.24.1-1.1.s390x",
"product": {
"name": "freerdp-wayland-3.24.1-1.1.s390x",
"product_id": "freerdp-wayland-3.24.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"product": {
"name": "libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"product_id": "libfreerdp-server-proxy3-3-3.24.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libfreerdp3-3-3.24.1-1.1.s390x",
"product": {
"name": "libfreerdp3-3-3.24.1-1.1.s390x",
"product_id": "libfreerdp3-3-3.24.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "librdtk0-0-3.24.1-1.1.s390x",
"product": {
"name": "librdtk0-0-3.24.1-1.1.s390x",
"product_id": "librdtk0-0-3.24.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libuwac0-0-3.24.1-1.1.s390x",
"product": {
"name": "libuwac0-0-3.24.1-1.1.s390x",
"product_id": "libuwac0-0-3.24.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libwinpr3-3-3.24.1-1.1.s390x",
"product": {
"name": "libwinpr3-3-3.24.1-1.1.s390x",
"product_id": "libwinpr3-3-3.24.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "rdtk0-devel-3.24.1-1.1.s390x",
"product": {
"name": "rdtk0-devel-3.24.1-1.1.s390x",
"product_id": "rdtk0-devel-3.24.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "uwac0-devel-3.24.1-1.1.s390x",
"product": {
"name": "uwac0-devel-3.24.1-1.1.s390x",
"product_id": "uwac0-devel-3.24.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "winpr-devel-3.24.1-1.1.s390x",
"product": {
"name": "winpr-devel-3.24.1-1.1.s390x",
"product_id": "winpr-devel-3.24.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "freerdp-3.24.1-1.1.x86_64",
"product": {
"name": "freerdp-3.24.1-1.1.x86_64",
"product_id": "freerdp-3.24.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "freerdp-devel-3.24.1-1.1.x86_64",
"product": {
"name": "freerdp-devel-3.24.1-1.1.x86_64",
"product_id": "freerdp-devel-3.24.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "freerdp-proxy-3.24.1-1.1.x86_64",
"product": {
"name": "freerdp-proxy-3.24.1-1.1.x86_64",
"product_id": "freerdp-proxy-3.24.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"product": {
"name": "freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"product_id": "freerdp-proxy-plugins-3.24.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "freerdp-sdl-3.24.1-1.1.x86_64",
"product": {
"name": "freerdp-sdl-3.24.1-1.1.x86_64",
"product_id": "freerdp-sdl-3.24.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "freerdp-server-3.24.1-1.1.x86_64",
"product": {
"name": "freerdp-server-3.24.1-1.1.x86_64",
"product_id": "freerdp-server-3.24.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "freerdp-wayland-3.24.1-1.1.x86_64",
"product": {
"name": "freerdp-wayland-3.24.1-1.1.x86_64",
"product_id": "freerdp-wayland-3.24.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"product": {
"name": "libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"product_id": "libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libfreerdp3-3-3.24.1-1.1.x86_64",
"product": {
"name": "libfreerdp3-3-3.24.1-1.1.x86_64",
"product_id": "libfreerdp3-3-3.24.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "librdtk0-0-3.24.1-1.1.x86_64",
"product": {
"name": "librdtk0-0-3.24.1-1.1.x86_64",
"product_id": "librdtk0-0-3.24.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libuwac0-0-3.24.1-1.1.x86_64",
"product": {
"name": "libuwac0-0-3.24.1-1.1.x86_64",
"product_id": "libuwac0-0-3.24.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libwinpr3-3-3.24.1-1.1.x86_64",
"product": {
"name": "libwinpr3-3-3.24.1-1.1.x86_64",
"product_id": "libwinpr3-3-3.24.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "rdtk0-devel-3.24.1-1.1.x86_64",
"product": {
"name": "rdtk0-devel-3.24.1-1.1.x86_64",
"product_id": "rdtk0-devel-3.24.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "uwac0-devel-3.24.1-1.1.x86_64",
"product": {
"name": "uwac0-devel-3.24.1-1.1.x86_64",
"product_id": "uwac0-devel-3.24.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "winpr-devel-3.24.1-1.1.x86_64",
"product": {
"name": "winpr-devel-3.24.1-1.1.x86_64",
"product_id": "winpr-devel-3.24.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-3.24.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64"
},
"product_reference": "freerdp-3.24.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-3.24.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le"
},
"product_reference": "freerdp-3.24.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-3.24.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x"
},
"product_reference": "freerdp-3.24.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-3.24.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64"
},
"product_reference": "freerdp-3.24.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-devel-3.24.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64"
},
"product_reference": "freerdp-devel-3.24.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-devel-3.24.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le"
},
"product_reference": "freerdp-devel-3.24.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-devel-3.24.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x"
},
"product_reference": "freerdp-devel-3.24.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-devel-3.24.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64"
},
"product_reference": "freerdp-devel-3.24.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-proxy-3.24.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64"
},
"product_reference": "freerdp-proxy-3.24.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-proxy-3.24.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le"
},
"product_reference": "freerdp-proxy-3.24.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-proxy-3.24.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x"
},
"product_reference": "freerdp-proxy-3.24.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-proxy-3.24.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64"
},
"product_reference": "freerdp-proxy-3.24.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-proxy-plugins-3.24.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64"
},
"product_reference": "freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-proxy-plugins-3.24.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le"
},
"product_reference": "freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-proxy-plugins-3.24.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x"
},
"product_reference": "freerdp-proxy-plugins-3.24.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-proxy-plugins-3.24.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64"
},
"product_reference": "freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-sdl-3.24.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64"
},
"product_reference": "freerdp-sdl-3.24.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-sdl-3.24.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le"
},
"product_reference": "freerdp-sdl-3.24.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-sdl-3.24.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x"
},
"product_reference": "freerdp-sdl-3.24.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-sdl-3.24.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64"
},
"product_reference": "freerdp-sdl-3.24.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-server-3.24.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64"
},
"product_reference": "freerdp-server-3.24.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-server-3.24.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le"
},
"product_reference": "freerdp-server-3.24.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-server-3.24.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x"
},
"product_reference": "freerdp-server-3.24.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-server-3.24.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64"
},
"product_reference": "freerdp-server-3.24.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-wayland-3.24.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64"
},
"product_reference": "freerdp-wayland-3.24.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-wayland-3.24.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le"
},
"product_reference": "freerdp-wayland-3.24.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-wayland-3.24.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x"
},
"product_reference": "freerdp-wayland-3.24.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "freerdp-wayland-3.24.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64"
},
"product_reference": "freerdp-wayland-3.24.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64"
},
"product_reference": "libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le"
},
"product_reference": "libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreerdp-server-proxy3-3-3.24.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x"
},
"product_reference": "libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64"
},
"product_reference": "libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreerdp3-3-3.24.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64"
},
"product_reference": "libfreerdp3-3-3.24.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreerdp3-3-3.24.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le"
},
"product_reference": "libfreerdp3-3-3.24.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreerdp3-3-3.24.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x"
},
"product_reference": "libfreerdp3-3-3.24.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreerdp3-3-3.24.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64"
},
"product_reference": "libfreerdp3-3-3.24.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librdtk0-0-3.24.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64"
},
"product_reference": "librdtk0-0-3.24.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librdtk0-0-3.24.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le"
},
"product_reference": "librdtk0-0-3.24.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librdtk0-0-3.24.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x"
},
"product_reference": "librdtk0-0-3.24.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librdtk0-0-3.24.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64"
},
"product_reference": "librdtk0-0-3.24.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libuwac0-0-3.24.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64"
},
"product_reference": "libuwac0-0-3.24.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libuwac0-0-3.24.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le"
},
"product_reference": "libuwac0-0-3.24.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libuwac0-0-3.24.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x"
},
"product_reference": "libuwac0-0-3.24.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libuwac0-0-3.24.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64"
},
"product_reference": "libuwac0-0-3.24.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwinpr3-3-3.24.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64"
},
"product_reference": "libwinpr3-3-3.24.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwinpr3-3-3.24.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le"
},
"product_reference": "libwinpr3-3-3.24.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwinpr3-3-3.24.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x"
},
"product_reference": "libwinpr3-3-3.24.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwinpr3-3-3.24.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64"
},
"product_reference": "libwinpr3-3-3.24.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rdtk0-devel-3.24.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64"
},
"product_reference": "rdtk0-devel-3.24.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rdtk0-devel-3.24.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le"
},
"product_reference": "rdtk0-devel-3.24.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rdtk0-devel-3.24.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x"
},
"product_reference": "rdtk0-devel-3.24.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rdtk0-devel-3.24.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64"
},
"product_reference": "rdtk0-devel-3.24.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "uwac0-devel-3.24.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64"
},
"product_reference": "uwac0-devel-3.24.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "uwac0-devel-3.24.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le"
},
"product_reference": "uwac0-devel-3.24.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "uwac0-devel-3.24.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x"
},
"product_reference": "uwac0-devel-3.24.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "uwac0-devel-3.24.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64"
},
"product_reference": "uwac0-devel-3.24.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "winpr-devel-3.24.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64"
},
"product_reference": "winpr-devel-3.24.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "winpr-devel-3.24.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le"
},
"product_reference": "winpr-devel-3.24.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "winpr-devel-3.24.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x"
},
"product_reference": "winpr-devel-3.24.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "winpr-devel-3.24.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
},
"product_reference": "winpr-devel-3.24.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25941",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25941"
}
],
"notes": [
{
"category": "general",
"text": "FreeRDP is a free implementation of the Remote Desktop Protocol. Versions on the 2.x branch prior to to 2.11.8 and on the 3.x branch prior to 3.23.0 have an out-of-bounds read vulnerability in the FreeRDP client\u0027s RDPGFX channel that allows a malicious RDP server to read uninitialized heap memory by sending a crafted WIRE_TO_SURFACE_2 PDU with a `bitmapDataLength` value larger than the actual data in the packet. This can lead to information disclosure or client crashes when a user connects to a malicious server. Versions 2.11.8 and 3.23.0 fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25941",
"url": "https://www.suse.com/security/cve/CVE-2026-25941"
},
{
"category": "external",
"summary": "SUSE Bug 1258919 for CVE-2026-25941",
"url": "https://bugzilla.suse.com/1258919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-23T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-25941"
},
{
"cve": "CVE-2026-25942",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25942"
}
],
"notes": [
{
"category": "general",
"text": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_rail_server_execute_result` indexes the global `error_code_names[]` array (7 elements, indices 0-6) with an unchecked `execResult-\u003eexecResult` value received from the server, allowing an out-of-bounds read when the server sends an `execResult` value of 7 or greater. Version 3.23.0 fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25942",
"url": "https://www.suse.com/security/cve/CVE-2026-25942"
},
{
"category": "external",
"summary": "SUSE Bug 1258920 for CVE-2026-25942",
"url": "https://bugzilla.suse.com/1258920"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-23T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-25942"
},
{
"cve": "CVE-2026-25952",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25952"
}
],
"notes": [
{
"category": "general",
"text": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_SetWindowMinMaxInfo` dereferences a freed `xfAppWindow` pointer because `xf_rail_get_window` in `xf_rail_server_min_max_info` returns an unprotected pointer from the `railWindows` hash table, and the main thread can concurrently delete the window (via a window delete order) while the RAIL channel thread is still using the pointer. Version 3.23.0 fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25952",
"url": "https://www.suse.com/security/cve/CVE-2026-25952"
},
{
"category": "external",
"summary": "SUSE Bug 1258921 for CVE-2026-25952",
"url": "https://bugzilla.suse.com/1258921"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-23T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-25952"
},
{
"cve": "CVE-2026-25953",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25953"
}
],
"notes": [
{
"category": "general",
"text": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_AppUpdateWindowFromSurface` reads from a freed `xfAppWindow` because the RDPGFX DVC thread obtains a bare pointer via `xf_rail_get_window` without any lifetime protection, while the main thread can concurrently delete the window through a fastpath window-delete order. Version 3.23.0 fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25953",
"url": "https://www.suse.com/security/cve/CVE-2026-25953"
},
{
"category": "external",
"summary": "SUSE Bug 1258923 for CVE-2026-25953",
"url": "https://bugzilla.suse.com/1258923"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-23T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-25953"
},
{
"cve": "CVE-2026-25954",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25954"
}
],
"notes": [
{
"category": "general",
"text": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_rail_server_local_move_size` dereferences a freed `xfAppWindow` pointer because `xf_rail_get_window` returns an unprotected pointer from the `railWindows` hash table, and the main thread can concurrently delete the window (via a window delete order) while the RAIL channel thread is still using the pointer. Version 3.23.0 fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25954",
"url": "https://www.suse.com/security/cve/CVE-2026-25954"
},
{
"category": "external",
"summary": "SUSE Bug 1258924 for CVE-2026-25954",
"url": "https://bugzilla.suse.com/1258924"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-23T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-25954"
},
{
"cve": "CVE-2026-25955",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25955"
}
],
"notes": [
{
"category": "general",
"text": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_AppUpdateWindowFromSurface` reuses a cached `XImage` whose `data` pointer references a freed RDPGFX surface buffer, because `gdi_DeleteSurface` frees `surface-\u003edata` without invalidating the `appWindow-\u003eimage` that aliases it. Version 3.23.0 fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25955",
"url": "https://www.suse.com/security/cve/CVE-2026-25955"
},
{
"category": "external",
"summary": "SUSE Bug 1258973 for CVE-2026-25955",
"url": "https://bugzilla.suse.com/1258973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-23T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-25955"
},
{
"cve": "CVE-2026-25959",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25959"
}
],
"notes": [
{
"category": "general",
"text": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_cliprdr_provide_data_` passes freed `pDstData` to `XChangeProperty` because the cliprdr channel thread calls `xf_cliprdr_server_format_data_response` which converts and uses the clipboard data without holding any lock, while the X11 event thread concurrently calls `xf_cliprdr_clear_cached_data` -\u003e `HashTable_Clear` which frees the same data via `xf_cached_data_free`, triggering a heap use after free. Version 3.23.0 fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25959",
"url": "https://www.suse.com/security/cve/CVE-2026-25959"
},
{
"category": "external",
"summary": "SUSE Bug 1258976 for CVE-2026-25959",
"url": "https://bugzilla.suse.com/1258976"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-23T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-25959"
},
{
"cve": "CVE-2026-25997",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25997"
}
],
"notes": [
{
"category": "general",
"text": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_clipboard_format_equal` reads freed `lastSentFormats` memory because `xf_clipboard_formats_free` (called from the cliprdr channel thread during auto-reconnect) frees the array while the X11 event thread concurrently iterates it in `xf_clipboard_changed`, triggering a heap use after free. Version 3.23.0 fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25997",
"url": "https://www.suse.com/security/cve/CVE-2026-25997"
},
{
"category": "external",
"summary": "SUSE Bug 1258977 for CVE-2026-25997",
"url": "https://bugzilla.suse.com/1258977"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-23T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-25997"
},
{
"cve": "CVE-2026-26271",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-26271"
}
],
"notes": [
{
"category": "general",
"text": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a buffer overread in `freerdp_image_copy_from_icon_data()` (libfreerdp/codec/color.c) can be triggered by crafted RDP Window Icon (TS_ICON_INFO) data. The bug is reachable over the network when a client processes icon data from an RDP server (or from a man-in-the-middle). Version 3.23.0 fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-26271",
"url": "https://www.suse.com/security/cve/CVE-2026-26271"
},
{
"category": "external",
"summary": "SUSE Bug 1258979 for CVE-2026-26271",
"url": "https://bugzilla.suse.com/1258979"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-23T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-26271"
},
{
"cve": "CVE-2026-26955",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-26955"
}
],
"notes": [
{
"category": "general",
"text": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP server can trigger a heap buffer overflow in FreeRDP clients using the GDI surface pipeline (e.g., `xfreerdp`) by sending an RDPGFX ClearCodec surface command with an out-of-bounds destination rectangle. The `gdi_SurfaceCommand_ClearCodec()` handler does not call `is_within_surface()` to validate the command rectangle against the destination surface dimensions, allowing attacker-controlled `cmd-\u003eleft`/`cmd-\u003etop` (and subcodec rectangle offsets) to reach image copy routines that write into `surface-\u003edata` without bounds enforcement. The OOB write corrupts an adjacent `gdiGfxSurface` struct\u0027s `codecs*` pointer with attacker-controlled pixel data, and corruption of `codecs*` is sufficient to reach an indirect function pointer call (`NSC_CONTEXT.decode` at `nsc.c:500`) on a subsequent codec command - full instruction pointer (RIP) control demonstrated in exploitability harness. Users should upgrade to version 3.23.0 to receive a patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-26955",
"url": "https://www.suse.com/security/cve/CVE-2026-26955"
},
{
"category": "external",
"summary": "SUSE Bug 1258982 for CVE-2026-26955",
"url": "https://bugzilla.suse.com/1258982"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-23T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-26955"
},
{
"cve": "CVE-2026-26965",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-26965"
}
],
"notes": [
{
"category": "general",
"text": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, in the RLE planar decode path, `planar_decompress_plane_rle()` writes into `pDstData` at `((nYDst+y) * nDstStep) + (4*nXDst) + nChannel` without verifying that `(nYDst+nSrcHeight)` fits in the destination height or that `(nXDst+nSrcWidth)` fits in the destination stride. When `TempFormat != DstFormat`, `pDstData` becomes `planar-\u003epTempData` (sized for the desktop), while `nYDst` is only validated against the **surface** by `is_within_surface()`. A malicious RDP server can exploit this to perform a heap out-of-bounds write with attacker-controlled offset and pixel data on any connecting FreeRDP client. The OOB write reaches up to 132,096 bytes past the temp buffer end, and on the brk heap (desktop \u2264 128x128), an adjacent `NSC_CONTEXT` struct\u0027s `decode` function pointer is overwritten with attacker-controlled pixel data - control-flow-relevant corruption (function pointer overwritten) demonstrated under deterministic heap layout (`nsc-\u003edecode = 0xFF414141FF414141`). Version 3.23.0 fixes the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-26965",
"url": "https://www.suse.com/security/cve/CVE-2026-26965"
},
{
"category": "external",
"summary": "SUSE Bug 1258985 for CVE-2026-26965",
"url": "https://bugzilla.suse.com/1258985"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-23T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-26965"
},
{
"cve": "CVE-2026-29774",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-29774"
}
],
"notes": [
{
"category": "general",
"text": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap buffer overflow occurs in the FreeRDP client\u0027s AVC420/AVC444 YUV-to-RGB conversion path due to missing horizontal bounds validation of H.264 metablock regionRects coordinates. In yuv.c, the clamp() function (line 347) only validates top/bottom against the surface/YUV height, but never checks left/right against the surface width. When avc420_yuv_to_rgb (line 67) computes destination and source pointers using rect-\u003eleft, it performs unchecked pointer arithmetic that can reach far beyond the allocated surface buffer. A malicious server sends a WIRE_TO_SURFACE_PDU_1 with AVC420 codec containing a regionRects entry where left greatly exceeds the surface width (e.g., left=60000 on a 128px surface). The H.264 bitstream decodes successfully, then yuv420_process_work_callback calls avc420_yuv_to_rgb which computes pDstPoint = pDstData + rect-\u003etop * nDstStep + rect-\u003eleft * 4, writing 16-byte SSE vectors 1888+ bytes past the allocated heap region. This vulnerability is fixed in 3.24.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-29774",
"url": "https://www.suse.com/security/cve/CVE-2026-29774"
},
{
"category": "external",
"summary": "SUSE Bug 1259689 for CVE-2026-29774",
"url": "https://bugzilla.suse.com/1259689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-23T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-29774"
},
{
"cve": "CVE-2026-29775",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-29775"
}
],
"notes": [
{
"category": "general",
"text": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap out-of-bounds read/write occurs in FreeRDP\u0027s bitmap cache subsystem due to an off-by-one boundary check in bitmap_cache_put. A malicious server can send a CACHE_BITMAP_ORDER (Rev1) with cacheId equal to maxCells, bypassing the guard and accessing cells[] one element past the allocated array. This vulnerability is fixed in 3.24.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-29775",
"url": "https://www.suse.com/security/cve/CVE-2026-29775"
},
{
"category": "external",
"summary": "SUSE Bug 1259684 for CVE-2026-29775",
"url": "https://bugzilla.suse.com/1259684"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-23T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2026-29775"
},
{
"cve": "CVE-2026-29776",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-29776"
}
],
"notes": [
{
"category": "general",
"text": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, Integer Underflow in update_read_cache_bitmap_order Function of FreeRDP\u0027s Core Library This vulnerability is fixed in 3.24.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-29776",
"url": "https://www.suse.com/security/cve/CVE-2026-29776"
},
{
"category": "external",
"summary": "SUSE Bug 1259692 for CVE-2026-29776",
"url": "https://bugzilla.suse.com/1259692"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-23T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2026-29776"
},
{
"cve": "CVE-2026-31806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31806"
}
],
"notes": [
{
"category": "general",
"text": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, the gdi_surface_bits() function processes SURFACE_BITS_COMMAND messages sent by the RDP server. When the command is handled using NSCodec, the bmp.width and bmp.height values provided by the server are not properly validated against the actual desktop dimensions. A malicious RDP server can supply crafted bmp.width and bmp.height values that exceed the expected surface size. Because these values are used during bitmap decoding and memory operations without proper bounds checking, this can lead to a heap buffer overflow. Since the attacker can also control the associated pixel data transmitted by the server, the overflow may be exploitable to overwrite adjacent heap memory. This vulnerability is fixed in 3.24.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31806",
"url": "https://www.suse.com/security/cve/CVE-2026-31806"
},
{
"category": "external",
"summary": "SUSE Bug 1259653 for CVE-2026-31806",
"url": "https://bugzilla.suse.com/1259653"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-23T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-31806"
},
{
"cve": "CVE-2026-31883",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31883"
}
],
"notes": [
{
"category": "general",
"text": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a size_t underflow in the IMA-ADPCM and MS-ADPCM audio decoders leads to heap-buffer-overflow write via the RDPSND audio channel. In libfreerdp/codec/dsp.c, the IMA-ADPCM and MS-ADPCM decoders subtract block header sizes from a size_t variable without checking for underflow. When nBlockAlign (received from the server) is set such that size % block_size == 0 triggers the header parsing at a point where size is smaller than the header (4 or 8 bytes), the subtraction wraps size to ~SIZE_MAX. The while (size \u003e 0) loop then continues for an astronomical number of iterations. This vulnerability is fixed in 3.24.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31883",
"url": "https://www.suse.com/security/cve/CVE-2026-31883"
},
{
"category": "external",
"summary": "SUSE Bug 1259679 for CVE-2026-31883",
"url": "https://bugzilla.suse.com/1259679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-23T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-31883"
},
{
"cve": "CVE-2026-31884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31884"
}
],
"notes": [
{
"category": "general",
"text": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, division by zero in MS-ADPCM and IMA-ADPCM decoders when nBlockAlign is 0, leading to a crash. In libfreerdp/codec/dsp.c, both ADPCM decoders use size % block_size where block_size = context-\u003ecommon.format.nBlockAlign. The nBlockAlign value comes from the Server Audio Formats PDU on the RDPSND channel. The value 0 is not validated anywhere before reaching the decoder. When nBlockAlign = 0, the modulo operation causes a SIGFPE (floating point exception) crash. This vulnerability is fixed in 3.24.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31884",
"url": "https://www.suse.com/security/cve/CVE-2026-31884"
},
{
"category": "external",
"summary": "SUSE Bug 1259680 for CVE-2026-31884",
"url": "https://bugzilla.suse.com/1259680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-23T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31884"
},
{
"cve": "CVE-2026-31885",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31885"
}
],
"notes": [
{
"category": "general",
"text": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in MS-ADPCM and IMA-ADPCM decoders due to unchecked predictor and step_index values from input data. This vulnerability is fixed in 3.24.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31885",
"url": "https://www.suse.com/security/cve/CVE-2026-31885"
},
{
"category": "external",
"summary": "SUSE Bug 1259686 for CVE-2026-31885",
"url": "https://bugzilla.suse.com/1259686"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-23T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-31885"
},
{
"cve": "CVE-2026-31897",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31897"
}
],
"notes": [
{
"category": "general",
"text": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in freerdp_bitmap_decompress_planar when SrcSize is 0. The function dereferences *srcp (which points to pSrcData) without first verifying that SrcSize \u003e= 1. When SrcSize is 0 and pSrcData is non-NULL, this reads one byte past the end of the source buffer. This vulnerability is fixed in 3.24.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31897",
"url": "https://www.suse.com/security/cve/CVE-2026-31897"
},
{
"category": "external",
"summary": "SUSE Bug 1259693 for CVE-2026-31897",
"url": "https://bugzilla.suse.com/1259693"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-proxy-plugins-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-sdl-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-server-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:freerdp-wayland-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libfreerdp3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:librdtk0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libuwac0-0-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:libwinpr3-3-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:rdtk0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:uwac0-devel-3.24.1-1.1.x86_64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.aarch64",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.ppc64le",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.s390x",
"openSUSE Tumbleweed:winpr-devel-3.24.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-23T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2026-31897"
}
]
}
FKIE_CVE-2026-31897
Vulnerability from fkie_nvd - Published: 2026-03-13 19:54 - Updated: 2026-03-17 12:57
Severity ?
0.0 (None) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Summary
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in freerdp_bitmap_decompress_planar when SrcSize is 0. The function dereferences *srcp (which points to pSrcData) without first verifying that SrcSize >= 1. When SrcSize is 0 and pSrcData is non-NULL, this reads one byte past the end of the source buffer. This vulnerability is fixed in 3.24.0.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97FCA262-35C3-4B6B-A321-15CE780FCA20",
"versionEndExcluding": "3.24.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in freerdp_bitmap_decompress_planar when SrcSize is 0. The function dereferences *srcp (which points to pSrcData) without first verifying that SrcSize \u003e= 1. When SrcSize is 0 and pSrcData is non-NULL, this reads one byte past the end of the source buffer. This vulnerability is fixed in 3.24.0."
},
{
"lang": "es",
"value": "FreeRDP es una implementaci\u00f3n gratuita del Protocolo de Escritorio Remoto. Antes de la versi\u00f3n 3.24.0, existe una lectura fuera de l\u00edmites en freerdp_bitmap_decompress_planar cuando SrcSize es 0. La funci\u00f3n desreferencia *srcp (que apunta a pSrcData) sin verificar primero que SrcSize \u0026gt;= 1. Cuando SrcSize es 0 y pSrcData no es NULL, esto lee un byte m\u00e1s all\u00e1 del final del b\u00fafer de origen. Esta vulnerabilidad se corrige en la versi\u00f3n 3.24.0."
}
],
"id": "CVE-2026-31897",
"lastModified": "2026-03-17T12:57:00.720",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 0.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2026-03-13T19:54:38.023",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/FreeRDP/FreeRDP/commit/cd27c8faca0eeb0d4309cc5837dfdf3c42eba4e7"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xgv6-r22m-7c9x"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…