Debian Package Tracker

freerdp2


general
  • source: freerdp2 (main)
  • version: 2.10.0+dfsg1-1
  • maintainer: Debian Remote Maintainers (archive) (DMD)
  • uploaders: Mike Gabriel [DMD] – Bernhard Miklautz [DMD]
  • arch: any
  • std-ver: 4.6.2
  • VCS: Git (Browse)
versions
  • o-o-stable: 2.3.0+dfsg1-2+deb11u1
  • o-o-sec: 2.3.0+dfsg1-2+deb11u3
  • oldstable: 2.10.0+dfsg1-1
binaries
  • freerdp2-dev
  • freerdp2-shadow-x11
  • freerdp2-wayland
  • freerdp2-x11
  • libfreerdp-client2-2
  • libfreerdp-server2-2
  • libfreerdp-shadow-subsystem2-2
  • libfreerdp-shadow2-2
  • libfreerdp2-2
  • libuwac0-0
  • libuwac0-dev
  • libwinpr-tools2-2
  • libwinpr2-2
  • libwinpr2-dev
  • winpr-utils
package is gone
This package is not in any development repository. This probably means that the package has been removed (or has been renamed). Thus the information here is of little interest ... the package is going to disappear unless someone takes it over and reintroduces it.
action needed
Debci reports failed tests (severity: high)
  • unstable: fail (log)
    The tests ran in 0:00:41
    Last run: 2025-01-21T14:57:43.000Z
    Previous status: unknown

  • testing: pass (log)
    The tests ran in 0:01:31
    Last run: 2024-12-21T05:09:54.000Z
    Previous status: unknown

Created: 2025-01-21 Last update: 2026-01-15 12:03
11 security issues in bullseye (severity: high)

There are 11 open security issues in bullseye.

9 important issues:
  • CVE-2026-22851: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race condition between the RDPGFX dynamic virtual channel thread and the SDL render thread leads to a heap use-after-free. Specifically, an escaped pointer to sdl->primary (SDL_Surface) is accessed after it has been freed during RDPGFX ResetGraphics handling. This vulnerability is fixed in 3.20.1.
  • CVE-2026-22852: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client when processing Audio Input (AUDIN) format lists. audin_process_formats reuses callback->formats_count across multiple MSG_SNDIN_FORMATS PDUs and writes past the newly allocated formats array, causing memory corruption and a crash. This vulnerability is fixed in 3.20.1.
  • CVE-2026-22853: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR’s NDR array reader does not perform bounds checking on the on‑wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndr_read_uint8Array. This vulnerability is fixed in 3.20.1.
  • CVE-2026-22854: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to overwrite heap memory. This vulnerability is fixed in 3.20.1.
  • CVE-2026-22855: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length. This vulnerability is fixed in 3.20.1.
  • CVE-2026-22856: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial->IrpThreads while another reads it. This vulnerability is fixed in 3.20.1.
  • CVE-2026-22857: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irp_thread_func because the IRP is freed by irp->Complete() and then accessed again on the error path. This vulnerability is fixed in 3.20.1.
  • CVE-2026-22858: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c <= 0 can be optimized into a simple c != 0 check. As a result, non-ASCII bytes (e.g., 0x80-0xFF) may bypass the intended range restriction and be used as an index into a global lookup table, causing out-of-bounds access. This vulnerability is fixed in 3.20.1.
  • CVE-2026-22859: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, the URBDRC client does not perform bounds checking on server‑supplied MSUSB_INTERFACE_DESCRIPTOR values and uses them as indices in libusb_udev_complete_msconfig_setup, causing an out‑of‑bounds read. This vulnerability is fixed in 3.20.1.
1 issue postponed or untriaged:
  • CVE-2022-39317: (needs triaging) FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it. This issue has been addressed in version 2.9.0. There are no known workarounds for this issue.
1 ignored issue:
  • CVE-2021-41159: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use `/gt:http` rather than `/gt:rdp` connections if possible or use a direct connection without a gateway.
Created: 2026-01-15 Last update: 2026-01-15 04:31
9 security issues in bookworm (severity: high)

There are 9 open security issues in bookworm.

9 important issues:
  • CVE-2026-22851: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race condition between the RDPGFX dynamic virtual channel thread and the SDL render thread leads to a heap use-after-free. Specifically, an escaped pointer to sdl->primary (SDL_Surface) is accessed after it has been freed during RDPGFX ResetGraphics handling. This vulnerability is fixed in 3.20.1.
  • CVE-2026-22852: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client when processing Audio Input (AUDIN) format lists. audin_process_formats reuses callback->formats_count across multiple MSG_SNDIN_FORMATS PDUs and writes past the newly allocated formats array, causing memory corruption and a crash. This vulnerability is fixed in 3.20.1.
  • CVE-2026-22853: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR’s NDR array reader does not perform bounds checking on the on‑wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndr_read_uint8Array. This vulnerability is fixed in 3.20.1.
  • CVE-2026-22854: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to overwrite heap memory. This vulnerability is fixed in 3.20.1.
  • CVE-2026-22855: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length. This vulnerability is fixed in 3.20.1.
  • CVE-2026-22856: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial->IrpThreads while another reads it. This vulnerability is fixed in 3.20.1.
  • CVE-2026-22857: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irp_thread_func because the IRP is freed by irp->Complete() and then accessed again on the error path. This vulnerability is fixed in 3.20.1.
  • CVE-2026-22858: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c <= 0 can be optimized into a simple c != 0 check. As a result, non-ASCII bytes (e.g., 0x80-0xFF) may bypass the intended range restriction and be used as an index into a global lookup table, causing out-of-bounds access. This vulnerability is fixed in 3.20.1.
  • CVE-2026-22859: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, the URBDRC client does not perform bounds checking on server‑supplied MSUSB_INTERFACE_DESCRIPTOR values and uses them as indices in libusb_udev_complete_msconfig_setup, causing an out‑of‑bounds read. This vulnerability is fixed in 3.20.1.
Created: 2026-01-15 Last update: 2026-01-15 04:31
news
  • [2025-10-19] Accepted freerdp2 2.11.7+dfsg1-6~deb12u1 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Tobias Frost)
  • [2025-02-27] Accepted freerdp2 2.3.0+dfsg1-2+deb11u3 (source) into oldstable-security (Tobias Frost)
  • [2025-02-15] Accepted freerdp2 2.3.0+dfsg1-2+deb11u2 (source) into oldstable-security (Tobias Frost)
  • [2025-01-20] freerdp2 REMOVED from testing (Debian testing watch)
  • [2025-01-19] Removed 2.11.7+dfsg1-6 from unstable (Debian FTP Masters)
  • [2024-12-21] freerdp2 2.11.7+dfsg1-6 MIGRATED to testing (Debian testing watch)
  • [2024-12-18] Accepted freerdp2 2.11.7+dfsg1-6 (source) into unstable (Adrien Nader) (signed by: Jeremy Bicha)
  • [2024-12-17] Accepted freerdp2 2.11.7+dfsg1-5 (source) into unstable (Jeremy Bícha) (signed by: Jeremy Bicha)
  • [2024-10-07] freerdp2 2.11.7+dfsg1-4 MIGRATED to testing (Debian testing watch)
  • [2024-10-04] Accepted freerdp2 2.11.7+dfsg1-4 (source) into unstable (Jeremy Bícha) (signed by: Jeremy Bicha)
  • [2024-10-03] Accepted freerdp2 2.11.7+dfsg1-3 (source) into unstable (Jeremy Bícha) (signed by: Jeremy Bicha)
  • [2024-07-20] Accepted freerdp2 2.11.7+dfsg1-2 (source) into unstable (Mike Gabriel)
  • [2024-07-15] Accepted freerdp2 2.11.7+dfsg1-1 (source) into unstable (Mike Gabriel)
  • [2024-05-03] freerdp2 2.11.5+dfsg1-1 MIGRATED to testing (Debian testing watch)
  • [2024-03-25] Accepted freerdp2 2.11.5+dfsg1-1 (source) into unstable (Mike Gabriel)
  • [2024-02-01] Accepted freerdp2 2.11.2+dfsg1-1.1~exp2 (source) into experimental (Lukas Märdian)
  • [2024-01-30] Accepted freerdp2 2.11.2+dfsg1-1.1~exp1 (source amd64) into experimental (Lukas Märdian)
  • [2023-11-17] Accepted freerdp2 2.3.0+dfsg1-2+deb10u4 (source) into oldoldstable (Tobias Frost)
  • [2023-10-07] Accepted freerdp2 2.3.0+dfsg1-2+deb10u3 (source) into oldoldstable (Tobias Frost)
  • [2023-10-07] freerdp2 2.11.2+dfsg1-1 MIGRATED to testing (Debian testing watch)
  • [2023-10-01] Accepted freerdp2 2.11.2+dfsg1-1 (source) into unstable (Mike Gabriel)
  • [2023-08-12] freerdp2 2.10.0+dfsg1-1.1 MIGRATED to testing (Debian testing watch)
  • [2023-08-07] Accepted freerdp2 2.10.0+dfsg1-1.1 (source) into unstable (Héctor Orón Martínez) (signed by: Hector Oron Martinez)
  • [2023-03-17] Accepted freerdp2 2.10.0+dfsg1-1~bpo11+1 (source) into bullseye-backports (Michael Tokarev)
  • [2023-03-09] freerdp2 2.10.0+dfsg1-1 MIGRATED to testing (Debian testing watch)
  • [2023-02-26] Accepted freerdp2 2.10.0+dfsg1-1 (source) into unstable (Mike Gabriel)
  • [2022-12-04] Accepted freerdp2 2.9.0+dfsg1-1~bpo11+1 (source) into bullseye-backports (Michael Tokarev)
  • [2022-12-03] freerdp2 2.9.0+dfsg1-1 MIGRATED to testing (Debian testing watch)
  • [2022-11-28] Accepted freerdp2 2.9.0+dfsg1-1 (source) into unstable (Mike Gabriel)
bugs
  • all: 0

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers