{"affected":[{"ecosystem_specific":{"binaries":[{"uwac0-0-devel":"2.11.2-150600.4.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP7","name":"freerdp","purl":"pkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.11.2-150600.4.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"freerdp":"2.11.2-150600.4.6.1","freerdp-devel":"2.11.2-150600.4.6.1","freerdp-proxy":"2.11.2-150600.4.6.1","freerdp-server":"2.11.2-150600.4.6.1","freerdp-wayland":"2.11.2-150600.4.6.1","libfreerdp2-2":"2.11.2-150600.4.6.1","libuwac0-0":"2.11.2-150600.4.6.1","libwinpr2-2":"2.11.2-150600.4.6.1","uwac0-0-devel":"2.11.2-150600.4.6.1","winpr-devel":"2.11.2-150600.4.6.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"freerdp","purl":"pkg:rpm/opensuse/freerdp&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.11.2-150600.4.6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for freerdp fixes the following issues:\n\n- CVE-2026-22852: a malicious RDP server can trigger a heap-buffer-overflow in audin_process_formats (bsc#1256718).\n- CVE-2026-22854: server-controlled read length is used to read file data into an IRP output can cause\n  heap-buffer-overflow in drive_process_irp_read (bsc#1256720).\n- CVE-2026-22856: race condition in the serial channel IRP thread tracking can cause heap-use-after-free\n  in create_irp_thread (bsc#1256722).\n- CVE-2026-22859: improper bound check can lead to heap-buffer-overflow in urb_select_configuration (bsc#1256725).\n- CVE-2026-23530: improper validation can lead to heap buffer overflow in `planar_decompress_plane_rle` (bsc#1256940).\n- CVE-2026-23531: improper validation in `clear_decompress` can lead to heap buffer overflow (bsc#1256941).\n- CVE-2026-23532: mismatch between destination rectangle clamping and the actual copy size can lead to a heap buffer\n  overflow in `gdi_SurfaceToSurface` (bsc#1256942).\n- CVE-2026-23534: missing checks can lead to heap buffer overflow in `clear_decompress_bands_data` (bsc#1256944).\n","id":"SUSE-SU-2026:0417-1","modified":"2026-02-10T14:14:15Z","published":"2026-02-10T14:14:15Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2026/suse-su-20260417-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1256718"},{"type":"REPORT","url":"https://bugzilla.suse.com/1256720"},{"type":"REPORT","url":"https://bugzilla.suse.com/1256722"},{"type":"REPORT","url":"https://bugzilla.suse.com/1256725"},{"type":"REPORT","url":"https://bugzilla.suse.com/1256940"},{"type":"REPORT","url":"https://bugzilla.suse.com/1256941"},{"type":"REPORT","url":"https://bugzilla.suse.com/1256942"},{"type":"REPORT","url":"https://bugzilla.suse.com/1256944"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-22852"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-22854"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-22856"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-22859"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-23530"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-23531"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-23532"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-23534"}],"related":["CVE-2026-22852","CVE-2026-22854","CVE-2026-22856","CVE-2026-22859","CVE-2026-23530","CVE-2026-23531","CVE-2026-23532","CVE-2026-23534"],"summary":"Security update for freerdp","upstream":["CVE-2026-22852","CVE-2026-22854","CVE-2026-22856","CVE-2026-22859","CVE-2026-23530","CVE-2026-23531","CVE-2026-23532","CVE-2026-23534"]}