Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 517
Alerts This Week
Warning Icon 1 517

SUSE freerdp Important Update Heap Overflow Threat 2026-0649-1

suse
Calendar Grey February 26, 2026
Dist Suse Esm H88
Eight vulnerabilities are fixed in this important freerdp update for SUSE, enhancing security for affected systems.
An update that solves eight vulnerabilities can now be installed.

Summary

## This update for freerdp fixes the following issues: * CVE-2026-24491: heap-use-after-free in video_timer (bsc#1257981). * CVE-2026-24675: heap-use-after-free in urb_select_interface (bsc#1257982). * CVE-2026-24676: heap-use-after-free in audio_format_compatible (bsc#1257983). * CVE-2026-24679: heap-buffer-overflow in urb_select_interface (bsc#1257986). * CVE-2026-24681: heap-use-after-free in urb_bulk_transfer_cb (bsc#1257988). * CVE-2026-24682: heap-buffer-overflow in audio_formats_free (bsc#1257989). * CVE-2026-24683: heap-use-after-free in ainput_send_input_event (bsc#1257990). * CVE-2026-24684: heap-use-after-free in play_thread (bsc#1257991). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like

References

* bsc#1257981

* bsc#1257982

* bsc#1257983

* bsc#1257986

* bsc#1257988

* bsc#1257989

* bsc#1257990

* bsc#1257991

Cross-

* CVE-2026-24491

* CVE-2026-24675

* CVE-2026-24676

* CVE-2026-24679

* CVE-2026-24681

* CVE-2026-24682

* CVE-2026-24683

* CVE-2026-24684

CVSS scores:

* CVE-2026-24491 ( SUSE ): 6.9

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

* CVE-2026-24491 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

* CVE-2026-24491 ( NVD ): 7.7

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2026-24491 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-24675 ( SUSE ): 6.9

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:0649-1
Release Date: 2026-02-25T16:31:43Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.