{"schema_version": "1.7.0", "id": "RLSA-2026:16019", "modified": "2026-05-13T06:07:57.766508Z", "published": "2026-05-13T06:00:58.478905Z", "upstream": ["CVE-2026-25952", "CVE-2026-26986", "CVE-2026-27951", "CVE-2026-29775", "CVE-2026-31883", "CVE-2026-31884", "CVE-2026-31885", "CVE-2026-33985"], "summary": "Moderate: freerdp security update", "details": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.\n\nSecurity Fix(es):\n\n* freerdp: FreeRDP: Denial of service due to use-after-free vulnerability (CVE-2026-25952)\n\n* freerdp: FreeRDP: Denial of Service via double free vulnerability during disconnect (CVE-2026-26986)\n\n* freerdp: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity (CVE-2026-27951)\n\n* freerdp: FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId (CVE-2026-29775)\n\n* freerdp: FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds checks (CVE-2026-31885)\n\n* freerdp: FreeRDP has a division-by-zero in ADPCM decoders when `nBlockAlign` is 0 (CVE-2026-31884)\n\n* freerdp: FreeRDP: Denial of Service via crafted audio data in RDP (CVE-2026-31883)\n\n* FreeRDP: FreeRDP: Information disclosure via heap memory out of bounds read (CVE-2026-33985)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "severity": [{"type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}], "affected": [{"package": {"ecosystem": "Rocky Linux:8", "name": "freerdp", "purl": "pkg:rpm/rocky-linux/freerdp?distro=rocky-linux-8&epoch=2"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "2:2.11.7-9.el8_10"}], "database_specific": {"yum_repository": "AppStream"}}]}], "references": [{"type": "ADVISORY", "url": "https://errata.rockylinux.org/RLSA-2026:16019"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442768"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442782"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442783"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447379"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447383"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447385"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447386"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453217"}], "credits": [{"name": "Rocky Enterprise Software Foundation"}, {"name": "Red Hat"}]}