Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 42 FreeRDP Critical Denial of Service Risk 2026-fa67f40526

fedora
Calendar Grey February 18, 2026
Dist Fedora Esm H88
Update to freerdp 3.22.0 addresses critical Denial of Service and heap issues in Fedora 42 with urgent patching guidance.
Update to 3.22.0

Summary

The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP

project.

xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows

machines, xrdp and VirtualBox.

Update Information:

Update to 3.22.0

Topics%20covered

Topics Covered

security advisory denial of service fedora heap overflow heap-use-after-free freerdp

Change Log

* Mon Feb 2 2026 Ondrej Holy - 2:3.22.0-1 - Update to 3.22.0 (CVE-2026-23948, CVE-2026-24682, CVE-2026-24683, CVE-2026-24676, CVE-2026-24677, CVE-2026-24678, CVE-2026-24684, CVE-2026-24679, CVE-2026-24681, CVE-2026-24675, CVE-2026-24491, CVE-2026-24680) Resolves: rhbz#2433803

References


[ 1 ] Bug #2438245 - CVE-2026-24678 freerdp: FreeRDP: Denial of Service via use after free in ecam_channel_write [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438245 [ 2 ] Bug #2438257 - CVE-2026-24675 freerdp: FreeRDP has a Heap-use-after-free in urb_select_interface [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438257 [ 3 ] Bug #2438259 - CVE-2026-24681 freerdp: FreeRDP has a heap-use-after-free in urb_bulk_transfer_cb [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438259 [ 4 ] Bug #2438260 - CVE-2026-24677 freerdp: FreeRDP has a heap-buffer-overflow in ecam_encoder_compress_h264 [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438260 [ 5 ] Bug #2438262 - CVE-2026-24683 freerdp: FreeRDP has a heap-use-after-free in ainput_send_input_event [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438262 [ 6 ] Bug #2438264 - CVE-2026-24682 freerdp: FreeRDP has a Heap-buffer-overflow ...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-fa67f40526' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: freerdp
Product: Fedora 42
Version: 3.22.0
Release: 1.fc42
URL: http://www.freerdp.com/
Summary: Free implementation of the Remote Desktop Protocol (RDP)

Topics%20covered

Topics Covered

security advisory denial of service fedora heap overflow heap-use-after-free freerdp

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here