Debian Package Tracker
Register | Log in
Subscribe

freerdp3

Choose email to subscribe with

general
  • source: freerdp3 (main)
  • version: 3.29.0+dfsg-1
  • maintainer: Debian Remote Maintainers (archive) (DMD)
  • uploaders: Mike Gabriel [DMD] – Michael Tokarev [DMD] – Bernhard Miklautz [DMD]
  • arch: all any
  • std-ver: 4.7.2
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • old-bpo: 3.10.3+dfsg-1~bpo12+1
  • stable: 3.15.0+dfsg-2.1+deb13u3
  • stable-bpo: 3.26.0+dfsg-1~bpo13+1
  • testing: 3.27.0+dfsg-1
  • unstable: 3.29.0+dfsg-1
versioned links
  • 3.10.3+dfsg-1~bpo12+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.15.0+dfsg-2.1+deb13u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.26.0+dfsg-1~bpo13+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.27.0+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.29.0+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • freerdp-proxy
  • freerdp-proxy-modules
  • freerdp-sdl
  • freerdp-shadow-x11
  • freerdp-wayland (1 bugs: 0, 1, 0, 0)
  • freerdp-x11
  • freerdp3-dev
  • freerdp3-proxy
  • freerdp3-proxy-modules
  • freerdp3-sdl (1 bugs: 0, 0, 1, 0)
  • freerdp3-shadow-x11
  • freerdp3-wayland
  • freerdp3-x11
  • libfreerdp-client3-3
  • libfreerdp-server-proxy3-3
  • libfreerdp-server3-3
  • libfreerdp-shadow-subsystem3-3
  • libfreerdp-shadow3-3
  • libfreerdp3-3
  • libwinpr-tools3-3
  • libwinpr3-3
  • libwinpr3-dev
  • winpr-utils
  • winpr3-utils
action needed
Debci reports failed tests high
  • unstable: fail (log)
    The tests ran in 0:00:42
    Last run: 2026-07-14T18:34:15.000Z
    Previous status: unknown

  • testing: pass (log)
    The tests ran in 0:00:58
    Last run: 2026-07-12T18:18:41.000Z
    Previous status: unknown

  • stable: pass (log)
    The tests ran in 0:00:54
    Last run: 2025-11-08T21:05:21.000Z
    Previous status: unknown

Created: 2026-04-25 Last update: 2026-07-15 22:03
18 security issues in trixie high

There are 18 open security issues in trixie.

1 important issue:
  • CVE-2026-56297: FreeRDP before 3.22.0 contains a use-after-free vulnerability in dvcman_channel_close and dvcman_call_on_receive due to improper synchronization of channel_callback access. A malicious RDP server can trigger a race condition by sending DYNVC_DATA and DYNVC_CLOSE messages concurrently, causing heap-use-after-free in the drdynvc client thread and potentially enabling remote code execution or denial of service.
17 issues left for the package maintainer to handle:
  • CVE-2026-27950: (needs triaging) FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the fix for the heap-use-after-free described in CVE-2026-24680 is incomplete. While the vulnerable execution flow referenced in the advisory exists in the SDL2 implementation, the fix appears to have been applied only to the SDL3 code path. In the SDL2 implementation, the pointer is not nulled after free. This creates a situation where the advisory suggests the vulnerability is fully resolved, while builds or environments still using SDL2 may retain the vulnerable logic. A complete fix is available in version 3.23.0.
  • CVE-2026-27951: (needs triaging) FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the function `Stream_EnsureCapacity` can create an endless blocking loop. This may affect all client and server implementations using `FreeRDP`. For practical exploitation this will only work on 32bit systems where the available physical memory is `>= SIZE_MAX`. Version 3.23.0 contains a patch. No known workarounds are available.
  • CVE-2026-40033: (needs triaging) FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdi_CacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16_MAX but performs copy operations using unclamped cache entry dimensions, enabling malicious RDP servers to trigger large out-of-bounds writes and potentially achieve remote code execution or client crash.
  • CVE-2026-44420: (needs triaging) FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU with a too-small capabilitySetLength. This can crash the server process (remote DoS) and may be exploitable for code execution because it corrupts heap memory. This vulnerability is fixed in 3.26.0.
  • CVE-2026-44421: (needs triaging) FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdi_CacheToSurface: it validates a destination rectangle that is clamped to UINT16_MAX, but then performs the copy using the original cacheEntry->width/height. This can cause a large out-of-bounds heap write and may lead to client crashes or code execution. This bug is reachable from a malicious RDP server, but only when the client has RDPGFX enabled. This vulnerability is fixed in 3.26.0.
  • CVE-2026-44422: (needs triaging) FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer ref-id for multiple logical pointer fields without tracking the pointed object's expected NDR type or ownership. When the same ref-id is reused across two pointer fields, the parser assigns the same heap object to both output fields. The generic destructor later walks each field independently and destroys/frees both pointers. This causes a malicious-server-triggerable heap use-after-free / double-free in the FreeRDP client's RDPEAR authentication-redirection path. This vulnerability is fixed in 3.26.0.
  • CVE-2026-45700: (needs triaging) FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's planar bitmap decoder has an out-of-bounds heap write when decoding RLE planar data. In libfreerdp/codec/planar.c, freerdp_bitmap_decompress_planar() validates the X destination coordinate nXDst against the caller-provided destination stride (nDstStep) even when it is writing into the internal temp buffer pTempData. An attacker can bypass the check with a large nDstStep and a large nXDst, causing planar_decompress_plane_rle() to write past the end of pTempData. This vulnerability is fixed in 3.26.0.
  • CVE-2026-55191: (needs triaging)
  • CVE-2026-55192: (needs triaging)
  • CVE-2026-55193: (needs triaging)
  • CVE-2026-55194: (needs triaging)
  • CVE-2026-55564: (needs triaging)
  • CVE-2026-55648: (needs triaging)
  • CVE-2026-55827: (needs triaging) FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP clients launched with the non-default /cache:codec:rfx option pass desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data while allocating bitmap->data only for the smaller DstWidth and DstHeight in gdi_Bitmap_Decompress, allowing a malicious RDP server to trigger a heap out-of-bounds write with attacker-controlled offset and content. This issue is fixed in version 3.27.1.
  • CVE-2026-57156: (needs triaging) FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0 on 32-bit builds, FreeRDP clients contain an integer overflow in update_read_delta_points in libfreerdp/core/orders.c when multiplying an attacker-controlled point count by sizeof(DELTA_POINT), allowing a malicious RDP peer to allocate an undersized heap buffer and then write beyond it during initialization. This issue is fixed in version 3.28.0.
  • CVE-2026-57157: (needs triaging) FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0, FreeRDP server implementations with the MS-RDPECAM camera device enumerator channel enabled scan attacker-supplied DeviceName and VirtualChannelName fields for a NUL terminator in channels/rdpecam/server/camera_device_enumerator_main.c and then dereference once past the scan bound, allowing a malicious RDP client to trigger a 1- to 2-byte out-of-bounds heap read. This issue is fixed in version 3.28.0.
  • CVE-2026-57158: (needs triaging) FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, FreeRDP clients using the GFX pipeline contain an incomplete fix for CVE-2026-23530 in planar_decompress_plane_rle_only in libfreerdp/codec/planar.c, allowing a malicious RDP server to send a truncated RDPGFX_CMDID_WIRETOSURFACE_1 planar payload that reads one byte past the input buffer. This issue is fixed in version 3.28.0.

You can find information about how to handle these issues in the security team's documentation.

Created: 2026-02-26 Last update: 2026-07-14 18:31
4 security issues in forky high

There are 4 open security issues in forky.

4 important issues:
  • CVE-2026-55827: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP clients launched with the non-default /cache:codec:rfx option pass desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data while allocating bitmap->data only for the smaller DstWidth and DstHeight in gdi_Bitmap_Decompress, allowing a malicious RDP server to trigger a heap out-of-bounds write with attacker-controlled offset and content. This issue is fixed in version 3.27.1.
  • CVE-2026-57156: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0 on 32-bit builds, FreeRDP clients contain an integer overflow in update_read_delta_points in libfreerdp/core/orders.c when multiplying an attacker-controlled point count by sizeof(DELTA_POINT), allowing a malicious RDP peer to allocate an undersized heap buffer and then write beyond it during initialization. This issue is fixed in version 3.28.0.
  • CVE-2026-57157: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0, FreeRDP server implementations with the MS-RDPECAM camera device enumerator channel enabled scan attacker-supplied DeviceName and VirtualChannelName fields for a NUL terminator in channels/rdpecam/server/camera_device_enumerator_main.c and then dereference once past the scan bound, allowing a malicious RDP client to trigger a 1- to 2-byte out-of-bounds heap read. This issue is fixed in version 3.28.0.
  • CVE-2026-57158: FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, FreeRDP clients using the GFX pipeline contain an incomplete fix for CVE-2026-23530 in planar_decompress_plane_rle_only in libfreerdp/codec/planar.c, allowing a malicious RDP server to send a truncated RDPGFX_CMDID_WIRETOSURFACE_1 planar payload that reads one byte past the input buffer. This issue is fixed in version 3.28.0.
Created: 2026-07-07 Last update: 2026-07-14 18:31
lintian reports 250 warnings normal
Lintian reports 250 warnings about this package. You should make the package lintian clean getting rid of them.
Created: 2026-07-12 Last update: 2026-07-12 09:17
AppStream hints: 2 warnings for freerdp-x11,freerdp-sdl normal
AppStream found metadata issues for packages:
  • freerdp-sdl: 1 warning
  • freerdp-x11: 1 warning
You should get rid of them to provide more metadata about this software.
Created: 2026-02-11 Last update: 2026-02-11 20:01
Multiarch hinter reports 1 issue(s) low
There are issues with the multiarch metadata for this package.
  • winpr3-utils could be marked Multi-Arch: foreign
Created: 2026-02-11 Last update: 2026-07-15 20:03
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.7.2).
Created: 2025-12-23 Last update: 2026-07-14 15:18
testing migrations
  • This package will soon be part of the auto-openssl transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
  • excuses:
    • Migration status for freerdp3 (3.27.0+dfsg-1 to 3.29.0+dfsg-1): Waiting for test results or another package, or too young (no action required now - check later)
    • Issues preventing migration:
    • ∙ ∙ Lintian check waiting for test results on riscv64 - info
    • ∙ ∙ Too young, only 2 of 5 days old
    • Additional info (not blocking):
    • ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/f/freerdp3.html
    • ∙ ∙ Autopkgtest for freerdp3/3.29.0+dfsg-1: amd64: Pass, arm64: Pass, armhf: Pass, i386: Pass, loong64: Failed (not a regression) ♻ (reference ♻), ppc64el: Pass, riscv64: Pass, s390x: Pass
    • ∙ ∙ Reproduced on amd64 - info
    • ∙ ∙ Reproduced on arm64 - info
    • ∙ ∙ Reproduced on armhf - info
    • ∙ ∙ Reproduced on i386 - info
    • Not considered
news
[rss feed]
  • [2026-07-14] Accepted freerdp3 3.29.0+dfsg-1 (source) into unstable (Michael Tokarev)
  • [2026-07-11] Accepted freerdp3 3.28.0+dfsg-2 (source) into unstable (Michael Tokarev)
  • [2026-07-06] Accepted freerdp3 3.28.0+dfsg-1 (source) into unstable (Michael Tokarev)
  • [2026-06-30] Accepted freerdp3 3.27.1+dfsg-1 (source) into unstable (Michael Tokarev)
  • [2026-06-21] freerdp3 3.27.0+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2026-06-16] Accepted freerdp3 3.27.0+dfsg-1 (source) into unstable (Michael Tokarev)
  • [2026-06-12] Accepted freerdp3 3.26.0+dfsg-1~bpo13+1 (source) into stable-backports (Michael Tokarev)
  • [2026-05-17] freerdp3 3.26.0+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2026-05-06] Accepted freerdp3 3.15.0+dfsg-2.1+deb13u3 (source) into proposed-updates (Debian FTP Masters) (signed by: Michael Tokarev)
  • [2026-05-06] Accepted freerdp3 3.26.0+dfsg-1 (source) into unstable (Michael Tokarev)
  • [2026-05-03] Accepted freerdp3 3.15.0+dfsg-2.1+deb13u2 (source) into proposed-updates (Debian FTP Masters) (signed by: Michael Tokarev)
  • [2026-05-02] Accepted freerdp3 3.15.0+dfsg-2.1+deb13u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Michael Tokarev)
  • [2026-04-30] Accepted freerdp3 3.25.0+dfsg-5 (source) into unstable (Michael Tokarev)
  • [2026-04-26] Accepted freerdp3 3.25.0+dfsg-4 (source) into unstable (Michael Tokarev)
  • [2026-04-25] Accepted freerdp3 3.25.0+dfsg-3 (source) into unstable (Michael Tokarev)
  • [2026-04-25] Accepted freerdp3 3.25.0+dfsg-2 (source) into unstable (Michael Tokarev)
  • [2026-04-24] Accepted freerdp3 3.25.0+dfsg-1 (source) into unstable (Michael Tokarev)
  • [2026-03-29] Accepted freerdp3 3.24.2+dfsg-1~bpo13+1 (source) into stable-backports (Michael Tokarev)
  • [2026-03-29] freerdp3 3.24.2+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2026-03-25] Accepted freerdp3 3.24.2+dfsg-1 (source) into unstable (Michael Tokarev)
  • [2026-03-20] freerdp3 3.24.1+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2026-03-18] Accepted freerdp3 3.24.1+dfsg-1 (source) into unstable (Michael Tokarev)
  • [2026-03-15] Accepted freerdp3 3.24.0+dfsg-2 (source) into unstable (Michael Tokarev)
  • [2026-03-13] Accepted freerdp3 3.24.0+dfsg-1 (source) into unstable (Michael Tokarev)
  • [2026-02-28] Accepted freerdp3 3.23.0+dfsg-1~bpo13+1 (source amd64 all) into stable-backports (Debian FTP Masters) (signed by: Michael Tokarev)
  • [2026-02-28] freerdp3 3.23.0+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2026-02-25] Accepted freerdp3 3.23.0+dfsg-1 (source) into unstable (Michael Tokarev)
  • [2026-02-19] freerdp3 3.22.0+dfsg-3 MIGRATED to testing (Debian testing watch)
  • [2026-02-11] Accepted freerdp3 3.22.0+dfsg-3 (source) into unstable (Michael Tokarev)
  • [2026-02-01] Accepted freerdp3 3.22.0+dfsg-1~bpo13+1 (source) into stable-backports (Michael Tokarev)
  • 1
  • 2
bugs [bug history graph]
  • all: 4
  • RC: 0
  • I&N: 3
  • M&W: 1
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian (0, 250)
  • buildd: logs, reproducibility, cross
  • popcon
  • browse source code
  • other distros
  • security tracker
  • debci
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 3.28.0+dfsg-1

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing