Action not permitted
Modal body text goes here.
Modal Title
Modal Body
ubuntu-cve-2026-24678
Vulnerability from osv_ubuntu
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, A capture thread sends sample responses using a freed channel callback after a device channel close, leading to a use after free in ecam_channel_write. This vulnerability is fixed in 3.22.0.
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "freerdp3-proxy",
"binary_version": "3.16.0+dfsg-2ubuntu0.1"
},
{
"binary_name": "freerdp3-proxy-modules",
"binary_version": "3.16.0+dfsg-2ubuntu0.1"
},
{
"binary_name": "freerdp3-sdl",
"binary_version": "3.16.0+dfsg-2ubuntu0.1"
},
{
"binary_name": "freerdp3-shadow-x11",
"binary_version": "3.16.0+dfsg-2ubuntu0.1"
},
{
"binary_name": "freerdp3-wayland",
"binary_version": "3.16.0+dfsg-2ubuntu0.1"
},
{
"binary_name": "freerdp3-x11",
"binary_version": "3.16.0+dfsg-2ubuntu0.1"
},
{
"binary_name": "libfreerdp-client3-3",
"binary_version": "3.16.0+dfsg-2ubuntu0.1"
},
{
"binary_name": "libfreerdp-server-proxy3-3",
"binary_version": "3.16.0+dfsg-2ubuntu0.1"
},
{
"binary_name": "libfreerdp-server3-3",
"binary_version": "3.16.0+dfsg-2ubuntu0.1"
},
{
"binary_name": "libfreerdp-shadow-subsystem3-3",
"binary_version": "3.16.0+dfsg-2ubuntu0.1"
},
{
"binary_name": "libfreerdp-shadow3-3",
"binary_version": "3.16.0+dfsg-2ubuntu0.1"
},
{
"binary_name": "libfreerdp3-3",
"binary_version": "3.16.0+dfsg-2ubuntu0.1"
},
{
"binary_name": "libwinpr-tools3-3",
"binary_version": "3.16.0+dfsg-2ubuntu0.1"
},
{
"binary_name": "libwinpr3-3",
"binary_version": "3.16.0+dfsg-2ubuntu0.1"
},
{
"binary_name": "winpr3-utils",
"binary_version": "3.16.0+dfsg-2ubuntu0.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "freerdp3",
"purl": "pkg:deb/ubuntu/freerdp3@3.16.0+dfsg-2ubuntu0.1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.16.0+dfsg-2ubuntu0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.14.0+dfsg-1ubuntu1",
"3.15.0+dfsg-2.1",
"3.16.0+dfsg-1ubuntu1",
"3.16.0+dfsg-2"
]
}
],
"aliases": [],
"details": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, A capture thread sends sample responses using a freed channel callback after a device channel close, leading to a use after free in ecam_channel_write. This vulnerability is fixed in 3.22.0.",
"id": "UBUNTU-CVE-2026-24678",
"modified": "2026-06-30T16:19:38Z",
"published": "2026-02-09T19:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-24678"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24678"
},
{
"type": "REPORT",
"url": "https://github.com/FreeRDP/FreeRDP/commit/f3ab1a16139036179d9852745fdade18fec11600"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8042-1"
}
],
"related": [
"USN-8042-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-24678"
]
}
CVE-2026-24678 (GCVE-0-2026-24678)
Vulnerability from cvelistv5 – Published: 2026-02-09 18:17 – Updated: 2026-07-15 01:17| URL | Tags |
|---|---|
| https://github.com/FreeRDP/FreeRDP/security/advis… | x_refsource_CONFIRM |
| https://github.com/FreeRDP/FreeRDP/commit/f3ab1a1… | x_refsource_MISC |
| https://access.redhat.com/security/cve/CVE-2026-24678 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2438197 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| https://access.redhat.com/errata/RHSA-2026:4121 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:3068 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:19033 | vendor-advisoryx_refsource_REDHAT |
| Vendor | Product | Version | |
|---|---|---|---|
| FreeRDP | FreeRDP |
Affected:
< 3.22.0
|
|
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
2:3.10.3-12.el10_2.2 , < *
(rpm)
Unaffected: 2:3.10.3-5.el10_1.2 , < * (rpm) cpe:/o:redhat:enterprise_linux:10.1 cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux 10.0 Extended Update Support |
Unaffected:
2:3.10.3-3.el10_0.2 , < *
(rpm)
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24678",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T15:40:06.900664Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T16:02:14.343Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1",
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"packageName": "freerdp",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2:3.10.3-12.el10_2.2",
"versionType": "rpm"
},
{
"lessThan": "*",
"status": "unaffected",
"version": "2:3.10.3-5.el10_1.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"packageName": "freerdp",
"product": "Red Hat Enterprise Linux 10.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2:3.10.3-3.el10_0.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "affected",
"packageName": "freerdp",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "freerdp",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "freerdp",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "freerdp",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"datePublic": "2026-02-09T18:17:27.040Z",
"descriptions": [
{
"lang": "en",
"value": "A denial of service flaw has been found in FreeRDP. A capture thread sends sample responses using a freed channel callback after a device channel close, leading to a use after free in ecam_channel_write."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-825",
"description": "Expired Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T01:17:11.927Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-24678"
},
{
"name": "RHBZ#2438197",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438197"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-24678.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4121"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3068"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19033"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:4121: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:3068: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:19033: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-09T20:01:06.670Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-02-09T18:17:27.040Z",
"value": "Made public."
}
],
"title": "freerdp: FreeRDP: Denial of Service via use after free in ecam_channel_write",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "FreeRDP",
"vendor": "FreeRDP",
"versions": [
{
"status": "affected",
"version": "\u003c 3.22.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, A capture thread sends sample responses using a freed channel callback after a device channel close, leading to a use after free in ecam_channel_write. This vulnerability is fixed in 3.22.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T18:17:27.040Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6gvg-29wx-6v7h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6gvg-29wx-6v7h"
},
{
"name": "https://github.com/FreeRDP/FreeRDP/commit/f3ab1a16139036179d9852745fdade18fec11600",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FreeRDP/FreeRDP/commit/f3ab1a16139036179d9852745fdade18fec11600"
}
],
"source": {
"advisory": "GHSA-6gvg-29wx-6v7h",
"discovery": "UNKNOWN"
},
"title": "FreeRDP has a Heap-use-after-free in cam_v4l_stream_capture_thread"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-24678",
"datePublished": "2026-02-09T18:17:27.040Z",
"dateReserved": "2026-01-23T20:40:23.388Z",
"dateUpdated": "2026-07-15T01:17:11.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
usn-8042-1
Vulnerability from osv_ubuntu
It was discovered that FreeRDP incorrectly handled memory under certain circumstances, which could lead to a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-23948)
It was discovered that FreeRDP did not correctly validate the size of certain variables, which could cause a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected FreeRDP3 in Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-24491)
It was discovered that FreeRDP did not correctly validate the size of certain variables, which could cause a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-24675, CVE-2026-24679, CVE-2026-24682)
It was discovered that FreeRDP had a use after free vulnerability under certain circumstances. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2026-24676, CVE-2026-24681)
It was discovered that FreeRDP did not correctly validate the size of certain variables, which could cause a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 25.10. (CVE-2026-24677)
It was discovered that FreeRDP had a use after free vulnerability under certain circumstances. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 25.10. (CVE-2026-24678)
It was discovered that FreeRDP had a use after free vulnerability under certain circumstances. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected FreeRDP3 in Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-24680)
It was discovered that FreeRDP had a use after free vulnerability under certain circumstances. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-24683, CVE-2026-24684)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2026-23948",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24675",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24676",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24679",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24681",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24682",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:18.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "freerdp2-shadow-x11",
"binary_version": "2.2.0+dfsg1-0ubuntu0.18.04.4+esm5"
},
{
"binary_name": "freerdp2-wayland",
"binary_version": "2.2.0+dfsg1-0ubuntu0.18.04.4+esm5"
},
{
"binary_name": "freerdp2-x11",
"binary_version": "2.2.0+dfsg1-0ubuntu0.18.04.4+esm5"
},
{
"binary_name": "libfreerdp-client2-2",
"binary_version": "2.2.0+dfsg1-0ubuntu0.18.04.4+esm5"
},
{
"binary_name": "libfreerdp-server2-2",
"binary_version": "2.2.0+dfsg1-0ubuntu0.18.04.4+esm5"
},
{
"binary_name": "libfreerdp-shadow-subsystem2-2",
"binary_version": "2.2.0+dfsg1-0ubuntu0.18.04.4+esm5"
},
{
"binary_name": "libfreerdp-shadow2-2",
"binary_version": "2.2.0+dfsg1-0ubuntu0.18.04.4+esm5"
},
{
"binary_name": "libfreerdp2-2",
"binary_version": "2.2.0+dfsg1-0ubuntu0.18.04.4+esm5"
},
{
"binary_name": "libuwac0-0",
"binary_version": "2.2.0+dfsg1-0ubuntu0.18.04.4+esm5"
},
{
"binary_name": "libwinpr-tools2-2",
"binary_version": "2.2.0+dfsg1-0ubuntu0.18.04.4+esm5"
},
{
"binary_name": "libwinpr2-2",
"binary_version": "2.2.0+dfsg1-0ubuntu0.18.04.4+esm5"
},
{
"binary_name": "winpr-utils",
"binary_version": "2.2.0+dfsg1-0ubuntu0.18.04.4+esm5"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "freerdp2",
"purl": "pkg:deb/ubuntu/freerdp2@2.2.0+dfsg1-0ubuntu0.18.04.4+esm5?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.0+dfsg1-0ubuntu0.18.04.4+esm5"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.0.0~git20170725.1.1648deb+dfsg1-1",
"2.0.0~git20170725.1.1648deb+dfsg1-5",
"2.0.0~git20170725.1.1648deb+dfsg1-5ubuntu1",
"2.0.0~git20170725.1.1648deb+dfsg1-5ubuntu2",
"2.0.0~git20170725.1.1648deb+dfsg1-6",
"2.0.0~git20170725.1.1648deb+dfsg1-6build1",
"2.0.0~git20170725.1.1648deb+dfsg1-7",
"2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1",
"2.1.1+dfsg1-0ubuntu0.18.04.1",
"2.2.0+dfsg1-0ubuntu0.18.04.1",
"2.2.0+dfsg1-0ubuntu0.18.04.2",
"2.2.0+dfsg1-0ubuntu0.18.04.3",
"2.2.0+dfsg1-0ubuntu0.18.04.4",
"2.2.0+dfsg1-0ubuntu0.18.04.4+esm1",
"2.2.0+dfsg1-0ubuntu0.18.04.4+esm2",
"2.2.0+dfsg1-0ubuntu0.18.04.4+esm3",
"2.2.0+dfsg1-0ubuntu0.18.04.4+esm4"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2026-23948",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24675",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24676",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24679",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24681",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24682",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24683",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24684",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:20.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "freerdp2-shadow-x11",
"binary_version": "2.6.1+dfsg1-0ubuntu0.20.04.2+esm3"
},
{
"binary_name": "freerdp2-wayland",
"binary_version": "2.6.1+dfsg1-0ubuntu0.20.04.2+esm3"
},
{
"binary_name": "freerdp2-x11",
"binary_version": "2.6.1+dfsg1-0ubuntu0.20.04.2+esm3"
},
{
"binary_name": "libfreerdp-client2-2",
"binary_version": "2.6.1+dfsg1-0ubuntu0.20.04.2+esm3"
},
{
"binary_name": "libfreerdp-server2-2",
"binary_version": "2.6.1+dfsg1-0ubuntu0.20.04.2+esm3"
},
{
"binary_name": "libfreerdp-shadow-subsystem2-2",
"binary_version": "2.6.1+dfsg1-0ubuntu0.20.04.2+esm3"
},
{
"binary_name": "libfreerdp-shadow2-2",
"binary_version": "2.6.1+dfsg1-0ubuntu0.20.04.2+esm3"
},
{
"binary_name": "libfreerdp2-2",
"binary_version": "2.6.1+dfsg1-0ubuntu0.20.04.2+esm3"
},
{
"binary_name": "libuwac0-0",
"binary_version": "2.6.1+dfsg1-0ubuntu0.20.04.2+esm3"
},
{
"binary_name": "libwinpr-tools2-2",
"binary_version": "2.6.1+dfsg1-0ubuntu0.20.04.2+esm3"
},
{
"binary_name": "libwinpr2-2",
"binary_version": "2.6.1+dfsg1-0ubuntu0.20.04.2+esm3"
},
{
"binary_name": "winpr-utils",
"binary_version": "2.6.1+dfsg1-0ubuntu0.20.04.2+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "freerdp2",
"purl": "pkg:deb/ubuntu/freerdp2@2.6.1+dfsg1-0ubuntu0.20.04.2+esm3?arch=source\u0026distro=esm-infra/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.1+dfsg1-0ubuntu0.20.04.2+esm3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.0.0~git20190204.1.2693389a+dfsg1-1",
"2.0.0~git20190204.1.2693389a+dfsg1-2",
"2.0.0~git20190204.1.2693389a+dfsg1-2build1",
"2.0.0~git20190204.1.2693389a+dfsg1-2build2",
"2.1.1+dfsg1-0ubuntu0.20.04.1",
"2.2.0+dfsg1-0ubuntu0.20.04.1",
"2.2.0+dfsg1-0ubuntu0.20.04.2",
"2.2.0+dfsg1-0ubuntu0.20.04.3",
"2.2.0+dfsg1-0ubuntu0.20.04.4",
"2.2.0+dfsg1-0ubuntu0.20.04.5",
"2.2.0+dfsg1-0ubuntu0.20.04.6",
"2.6.1+dfsg1-0ubuntu0.20.04.1",
"2.6.1+dfsg1-0ubuntu0.20.04.2",
"2.6.1+dfsg1-0ubuntu0.20.04.2+esm1",
"2.6.1+dfsg1-0ubuntu0.20.04.2+esm2"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2026-23948",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24675",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24676",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24679",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24681",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24682",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24683",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24684",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:22.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "freerdp2-shadow-x11",
"binary_version": "2.6.1+dfsg1-3ubuntu2.10"
},
{
"binary_name": "freerdp2-wayland",
"binary_version": "2.6.1+dfsg1-3ubuntu2.10"
},
{
"binary_name": "freerdp2-x11",
"binary_version": "2.6.1+dfsg1-3ubuntu2.10"
},
{
"binary_name": "libfreerdp-client2-2",
"binary_version": "2.6.1+dfsg1-3ubuntu2.10"
},
{
"binary_name": "libfreerdp-server2-2",
"binary_version": "2.6.1+dfsg1-3ubuntu2.10"
},
{
"binary_name": "libfreerdp-shadow-subsystem2-2",
"binary_version": "2.6.1+dfsg1-3ubuntu2.10"
},
{
"binary_name": "libfreerdp-shadow2-2",
"binary_version": "2.6.1+dfsg1-3ubuntu2.10"
},
{
"binary_name": "libfreerdp2-2",
"binary_version": "2.6.1+dfsg1-3ubuntu2.10"
},
{
"binary_name": "libuwac0-0",
"binary_version": "2.6.1+dfsg1-3ubuntu2.10"
},
{
"binary_name": "libwinpr-tools2-2",
"binary_version": "2.6.1+dfsg1-3ubuntu2.10"
},
{
"binary_name": "libwinpr2-2",
"binary_version": "2.6.1+dfsg1-3ubuntu2.10"
},
{
"binary_name": "winpr-utils",
"binary_version": "2.6.1+dfsg1-3ubuntu2.10"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "freerdp2",
"purl": "pkg:deb/ubuntu/freerdp2@2.6.1+dfsg1-3ubuntu2.10?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.1+dfsg1-3ubuntu2.10"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.3.0+dfsg1-2build1",
"2.3.0+dfsg1-2ubuntu1",
"2.3.0+dfsg1-2ubuntu2",
"2.4.1+dfsg1-1",
"2.4.1+dfsg1-1ubuntu1",
"2.4.1+dfsg1-1ubuntu2",
"2.5.0+dfsg1-1",
"2.6.0+dfsg1-1",
"2.6.1+dfsg1-1",
"2.6.1+dfsg1-3",
"2.6.1+dfsg1-3ubuntu1",
"2.6.1+dfsg1-3ubuntu2",
"2.6.1+dfsg1-3ubuntu2.1",
"2.6.1+dfsg1-3ubuntu2.2",
"2.6.1+dfsg1-3ubuntu2.3",
"2.6.1+dfsg1-3ubuntu2.4",
"2.6.1+dfsg1-3ubuntu2.5",
"2.6.1+dfsg1-3ubuntu2.6",
"2.6.1+dfsg1-3ubuntu2.7",
"2.6.1+dfsg1-3ubuntu2.8",
"2.6.1+dfsg1-3ubuntu2.9"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2026-23948",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24491",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24675",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24676",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24679",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24680",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24681",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24682",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24683",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24684",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:24.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "freerdp3-shadow-x11",
"binary_version": "3.5.1+dfsg1-0ubuntu1.2"
},
{
"binary_name": "freerdp3-wayland",
"binary_version": "3.5.1+dfsg1-0ubuntu1.2"
},
{
"binary_name": "freerdp3-x11",
"binary_version": "3.5.1+dfsg1-0ubuntu1.2"
},
{
"binary_name": "libfreerdp-client3-3",
"binary_version": "3.5.1+dfsg1-0ubuntu1.2"
},
{
"binary_name": "libfreerdp-server3-3",
"binary_version": "3.5.1+dfsg1-0ubuntu1.2"
},
{
"binary_name": "libfreerdp-shadow-subsystem3-3",
"binary_version": "3.5.1+dfsg1-0ubuntu1.2"
},
{
"binary_name": "libfreerdp-shadow3-3",
"binary_version": "3.5.1+dfsg1-0ubuntu1.2"
},
{
"binary_name": "libfreerdp3-3",
"binary_version": "3.5.1+dfsg1-0ubuntu1.2"
},
{
"binary_name": "libwinpr-tools3-3",
"binary_version": "3.5.1+dfsg1-0ubuntu1.2"
},
{
"binary_name": "libwinpr3-3",
"binary_version": "3.5.1+dfsg1-0ubuntu1.2"
},
{
"binary_name": "winpr3-utils",
"binary_version": "3.5.1+dfsg1-0ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "freerdp3",
"purl": "pkg:deb/ubuntu/freerdp3@3.5.1+dfsg1-0ubuntu1.2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.5.1+dfsg1-0ubuntu1.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.4.0+dfsg1-0ubuntu2",
"3.4.0+dfsg1-0ubuntu3",
"3.4.0+dfsg1-0ubuntu4",
"3.5.0+dfsg1-0ubuntu1",
"3.5.1+dfsg1-0ubuntu1",
"3.5.1+dfsg1-0ubuntu1.1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2026-23948",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24675",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24676",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24679",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24681",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24682",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24683",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24684",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:24.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "freerdp2-shadow-x11",
"binary_version": "2.11.5+dfsg1-1ubuntu0.1~esm5"
},
{
"binary_name": "freerdp2-wayland",
"binary_version": "2.11.5+dfsg1-1ubuntu0.1~esm5"
},
{
"binary_name": "freerdp2-x11",
"binary_version": "2.11.5+dfsg1-1ubuntu0.1~esm5"
},
{
"binary_name": "libfreerdp-client2-2t64",
"binary_version": "2.11.5+dfsg1-1ubuntu0.1~esm5"
},
{
"binary_name": "libfreerdp-server2-2t64",
"binary_version": "2.11.5+dfsg1-1ubuntu0.1~esm5"
},
{
"binary_name": "libfreerdp-shadow-subsystem2-2t64",
"binary_version": "2.11.5+dfsg1-1ubuntu0.1~esm5"
},
{
"binary_name": "libfreerdp-shadow2-2t64",
"binary_version": "2.11.5+dfsg1-1ubuntu0.1~esm5"
},
{
"binary_name": "libfreerdp2-2t64",
"binary_version": "2.11.5+dfsg1-1ubuntu0.1~esm5"
},
{
"binary_name": "libuwac0-0t64",
"binary_version": "2.11.5+dfsg1-1ubuntu0.1~esm5"
},
{
"binary_name": "libwinpr-tools2-2t64",
"binary_version": "2.11.5+dfsg1-1ubuntu0.1~esm5"
},
{
"binary_name": "libwinpr2-2t64",
"binary_version": "2.11.5+dfsg1-1ubuntu0.1~esm5"
},
{
"binary_name": "winpr-utils",
"binary_version": "2.11.5+dfsg1-1ubuntu0.1~esm5"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:24.04:LTS",
"name": "freerdp2",
"purl": "pkg:deb/ubuntu/freerdp2@2.11.5+dfsg1-1ubuntu0.1~esm5?arch=source\u0026distro=esm-apps/noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.11.5+dfsg1-1ubuntu0.1~esm5"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.10.0+dfsg1-1.1ubuntu1",
"2.11.2+dfsg1-1",
"2.11.2+dfsg1-1build1",
"2.11.2+dfsg1-1build3",
"2.11.5+dfsg1-1build1",
"2.11.5+dfsg1-1build2",
"2.11.5+dfsg1-1ubuntu0.1~esm1",
"2.11.5+dfsg1-1ubuntu0.1~esm2",
"2.11.5+dfsg1-1ubuntu0.1~esm3",
"2.11.5+dfsg1-1ubuntu0.1~esm4"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2026-23948",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24491",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24675",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24676",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24677",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24678",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24679",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24680",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24681",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24682",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24683",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-24684",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:25.10"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "freerdp3-proxy",
"binary_version": "3.16.0+dfsg-2ubuntu0.1"
},
{
"binary_name": "freerdp3-proxy-modules",
"binary_version": "3.16.0+dfsg-2ubuntu0.1"
},
{
"binary_name": "freerdp3-sdl",
"binary_version": "3.16.0+dfsg-2ubuntu0.1"
},
{
"binary_name": "freerdp3-shadow-x11",
"binary_version": "3.16.0+dfsg-2ubuntu0.1"
},
{
"binary_name": "freerdp3-wayland",
"binary_version": "3.16.0+dfsg-2ubuntu0.1"
},
{
"binary_name": "freerdp3-x11",
"binary_version": "3.16.0+dfsg-2ubuntu0.1"
},
{
"binary_name": "libfreerdp-client3-3",
"binary_version": "3.16.0+dfsg-2ubuntu0.1"
},
{
"binary_name": "libfreerdp-server-proxy3-3",
"binary_version": "3.16.0+dfsg-2ubuntu0.1"
},
{
"binary_name": "libfreerdp-server3-3",
"binary_version": "3.16.0+dfsg-2ubuntu0.1"
},
{
"binary_name": "libfreerdp-shadow-subsystem3-3",
"binary_version": "3.16.0+dfsg-2ubuntu0.1"
},
{
"binary_name": "libfreerdp-shadow3-3",
"binary_version": "3.16.0+dfsg-2ubuntu0.1"
},
{
"binary_name": "libfreerdp3-3",
"binary_version": "3.16.0+dfsg-2ubuntu0.1"
},
{
"binary_name": "libwinpr-tools3-3",
"binary_version": "3.16.0+dfsg-2ubuntu0.1"
},
{
"binary_name": "libwinpr3-3",
"binary_version": "3.16.0+dfsg-2ubuntu0.1"
},
{
"binary_name": "winpr3-utils",
"binary_version": "3.16.0+dfsg-2ubuntu0.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "freerdp3",
"purl": "pkg:deb/ubuntu/freerdp3@3.16.0+dfsg-2ubuntu0.1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.16.0+dfsg-2ubuntu0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.14.0+dfsg-1ubuntu1",
"3.15.0+dfsg-2.1",
"3.16.0+dfsg-1ubuntu1",
"3.16.0+dfsg-2"
]
}
],
"aliases": [],
"details": "It was discovered that FreeRDP incorrectly handled memory under certain\ncircumstances, which could lead to a NULL pointer dereference. An\nattacker could possibly use this issue to cause a denial of service.\n(CVE-2026-23948)\n\nIt was discovered that FreeRDP did not correctly validate the size of\ncertain variables, which could cause a buffer overflow. An attacker could\npossibly use this issue to cause a denial of service or execute arbitrary\ncode. This issue only affected FreeRDP3 in Ubuntu 24.04 LTS and Ubuntu\n25.10. (CVE-2026-24491)\n\nIt was discovered that FreeRDP did not correctly validate the size of\ncertain variables, which could cause a buffer overflow. An attacker could\npossibly use this issue to cause a denial of service or execute arbitrary\ncode. (CVE-2026-24675, CVE-2026-24679, CVE-2026-24682)\n\nIt was discovered that FreeRDP had a use after free vulnerability under\ncertain circumstances. An attacker could use this to cause a denial of\nservice or possibly execute arbitrary code. (CVE-2026-24676,\nCVE-2026-24681)\n\nIt was discovered that FreeRDP did not correctly validate the size of\ncertain variables, which could cause a buffer overflow. An attacker could\npossibly use this issue to cause a denial of service or execute arbitrary\ncode. This issue only affected Ubuntu 25.10. (CVE-2026-24677)\n\nIt was discovered that FreeRDP had a use after free vulnerability under\ncertain circumstances. An attacker could use this to cause a denial of\nservice or possibly execute arbitrary code. This issue only affected\nUbuntu 25.10. (CVE-2026-24678)\n\nIt was discovered that FreeRDP had a use after free vulnerability under\ncertain circumstances. An attacker could use this to cause a denial of\nservice or possibly execute arbitrary code. This issue only affected\nFreeRDP3 in Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-24680)\n\nIt was discovered that FreeRDP had a use after free vulnerability under\ncertain circumstances. An attacker could use this to cause a denial of\nservice or possibly execute arbitrary code. This issue only affected\nUbuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10.\n(CVE-2026-24683, CVE-2026-24684)",
"id": "USN-8042-1",
"modified": "2026-06-30T15:54:50Z",
"published": "2026-02-16T10:04:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8042-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-23948"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-24491"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-24675"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-24676"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-24677"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-24678"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-24679"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-24680"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-24681"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-24682"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-24683"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-24684"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "freerdp2, freerdp3 vulnerabilities",
"upstream": [
"UBUNTU-CVE-2026-23948",
"UBUNTU-CVE-2026-24491",
"UBUNTU-CVE-2026-24675",
"UBUNTU-CVE-2026-24676",
"UBUNTU-CVE-2026-24677",
"UBUNTU-CVE-2026-24678",
"UBUNTU-CVE-2026-24679",
"UBUNTU-CVE-2026-24680",
"UBUNTU-CVE-2026-24681",
"UBUNTU-CVE-2026-24682",
"UBUNTU-CVE-2026-24683",
"UBUNTU-CVE-2026-24684"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.