SB2026021005 - Multiple vulnerabilities in FreeRDP
Published: February 10, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 12 secuirty vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2026-23948)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in rdp_write_logon_info_v2(). A remote attacker can trick the victim into connecting to a malicious server and crash the application.
2) Use-after-free (CVE-ID: CVE-2026-24680)
The vulnerability allows a remote attacker to compromise vulnerable system.The vulnerability exists due to a use-after-free error in update_pointer_new(SDL) function. A remote attacker can trick the victim into connecting to a malicious server and execute arbitrary code on the system.
3) Use-after-free (CVE-ID: CVE-2026-24491)
The vulnerability allows a remote attacker to compromise vulnerable system.The vulnerability exists due to a use-after-free error in video_timer() function. A remote attacker can trick the victim into connecting to a malicious server and execute arbitrary code on the system.
4) Use-after-free (CVE-ID: CVE-2026-24675)
The vulnerability allows a remote attacker to compromise vulnerable system.The vulnerability exists due to a use-after-free error in urb_select_interface() function. A remote attacker can trick the victim into connecting to a malicious server and execute arbitrary code on the system.
5) Use-after-free (CVE-ID: CVE-2026-24681)
The vulnerability allows a remote attacker to compromise vulnerable system.The vulnerability exists due to a use-after-free error in urb_bulk_transfer_cb() function. A remote attacker can trick the victim into connecting to a malicious server and execute arbitrary code on the system.
6) Heap-based buffer overflow (CVE-ID: CVE-2026-24679)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The vulnerability exists due to a boundary error in urb_select_interface() function. A remote attacker can trick the victim into connecting to a malicious server, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
7) Use-after-free (CVE-ID: CVE-2026-24684)
The vulnerability allows a remote attacker to compromise vulnerable system.The vulnerability exists due to a use-after-free error in play_thread() function. A remote attacker can trick the victim into connecting to a malicious server and execute arbitrary code on the system.
8) Use-after-free (CVE-ID: CVE-2026-24678)
The vulnerability allows a remote attacker to compromise vulnerable system.The vulnerability exists due to a use-after-free error in cam_v4l_stream_capture_thread() function. A remote attacker can trick the victim into connecting to a malicious server and execute arbitrary code on the system.
9) Heap-based buffer overflow (CVE-ID: CVE-2026-24677)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The vulnerability exists due to a boundary error in ecam_encoder_compress_h264() function. A remote attacker can trick the victim into connecting to a malicious server, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
10) Use-after-free (CVE-ID: CVE-2026-24676)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in audio_format_compatible() function. A remote attacker can trick the victim into connecting to a malicious server and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
11) Use-after-free (CVE-ID: CVE-2026-24683)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in ainput_send_input_event() function. A remote attacker can trick the victim into connecting to a malicious server and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
12) Heap-based buffer overflow (CVE-ID: CVE-2026-24682)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in audio_formats_free() function. A remote attacker can trick the victim into connecting to a malicious server, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Remediation
Install update from vendor's website.
References
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6f3c-qvqq-2px5
- https://github.com/FreeRDP/FreeRDP/commit/4d44e3c097656a8b9ec696353647b0888ca45860
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-j893-9wg8-33rc
- https://github.com/FreeRDP/FreeRDP/commit/c42ecbd183b001e76bfc3614cddfad0034acc758
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4x6j-w49r-869g
- https://github.com/FreeRDP/FreeRDP/commit/e02e052f6692550e539d10f99de9c35a23492db2
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x9jr-99h2-g7mj
- https://github.com/FreeRDP/FreeRDP/commit/d676518809c319eec15911c705c13536036af2ae
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-ccvv-hg2w-6x9j
- https://github.com/FreeRDP/FreeRDP/commit/414f701464929c217f2509bcbd6d2c1f00f7ed73
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2jp4-67x6-gv7x
- https://github.com/FreeRDP/FreeRDP/commit/2d563a50be17c1b407ca448b1321378c0726dd31
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vcgv-xgjp-h83q
- https://github.com/FreeRDP/FreeRDP/commit/622bb7b4402491ca003f47472d0e478132673696
- https://github.com/FreeRDP/FreeRDP/commit/afa6851dc80835d3101e40fcef51b6c5c0f43ea5
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6gvg-29wx-6v7h
- https://github.com/FreeRDP/FreeRDP/commit/f3ab1a16139036179d9852745fdade18fec11600
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xw37-j744-f8v7
- https://github.com/FreeRDP/FreeRDP/commit/d2d4f449312ddafd4a4c6c8a4f856c7f0d44a3b5
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qh5p-frq4-pgxj
- https://github.com/FreeRDP/FreeRDP/commit/026b81ae5831ac1598d8f7371e0d0996fac7db00
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-45pf-68pj-fg8q
- https://github.com/FreeRDP/FreeRDP/commit/d9ca272dce7a776ab475e9b1a8e8c3d2968c8486
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vcw2-pqgw-mx6g
- https://github.com/FreeRDP/FreeRDP/commit/1c5c74223179d425a1ce6dbbb6a3dd2a958b7aee