## This update for freerdp fixes the following issues: Security fixes: * CVE-2026-26271: Buffer overread in FreeRDP icon processing (bsc#1258979). * CVE-2026-26955: Out-of-Bounds write in ClearCodec surface command handler (bsc#1258982). * CVE-2026-26965: Out-of-bounds write in planar bitmap RLE decompression (bsc#1258985). * CVE-2026-31806: improper validation of server messages can lead to a heap buffer overflow and arbitrary code execution (bsc#1259653). * CVE-2026-31883: crafted RDPSND audio format and wave data can cause a heap buffer overwrite (bsc#1259679). * CVE-2026-31885: unchecked predictor can lead to an out-of-bounds read (bsc#1259686). Other changes for freerdp: * Update CVE-2026-24491 patch and check the channel pointer before reset, avoiding subtle crash (bsc#1261848).
* bsc#1257981
* bsc#1258979
* bsc#1258982
* bsc#1258985
* bsc#1259653
* bsc#1259679
* bsc#1259686
* bsc#1261848
Cross-
* CVE-2026-24491
* CVE-2026-26271
* CVE-2026-26955
* CVE-2026-26965
* CVE-2026-31806
* CVE-2026-31883
* CVE-2026-31885
CVSS scores:
* CVE-2026-24491 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-24491 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-24491 ( NVD ): 7.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-24491 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-26271 ( NVD ): 5.5
Get the latest Linux and open source security news straight to your inbox.