Alerts This Week
Warning Icon 1 1,153
Alerts This Week
Warning Icon 1 1,153

SUSE freerdp Essential Buffer Overflow Patch 2026-1398-1 Released

suse
Calendar Grey April 16, 2026
Dist Suse Esm H88
Update solving seven vulnerabilities in freerdp enhances performance and security for SUSE users, ensuring software integrity.
An update that solves seven vulnerabilities and has one security fix can now be installed.

Summary

## This update for freerdp fixes the following issues: Security fixes: * CVE-2026-26271: Buffer overread in FreeRDP icon processing (bsc#1258979). * CVE-2026-26955: Out-of-Bounds write in ClearCodec surface command handler (bsc#1258982). * CVE-2026-26965: Out-of-bounds write in planar bitmap RLE decompression (bsc#1258985). * CVE-2026-31806: improper validation of server messages can lead to a heap buffer overflow and arbitrary code execution (bsc#1259653). * CVE-2026-31883: crafted RDPSND audio format and wave data can cause a heap buffer overwrite (bsc#1259679). * CVE-2026-31885: unchecked predictor can lead to an out-of-bounds read (bsc#1259686). Other changes for freerdp: * Update CVE-2026-24491 patch and check the channel pointer before reset, avoiding subtle crash (bsc#1261848).

References

* bsc#1257981

* bsc#1258979

* bsc#1258982

* bsc#1258985

* bsc#1259653

* bsc#1259679

* bsc#1259686

* bsc#1261848

Cross-

* CVE-2026-24491

* CVE-2026-26271

* CVE-2026-26955

* CVE-2026-26965

* CVE-2026-31806

* CVE-2026-31883

* CVE-2026-31885

CVSS scores:

* CVE-2026-24491 ( SUSE ): 6.9

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

* CVE-2026-24491 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

* CVE-2026-24491 ( NVD ): 7.7

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2026-24491 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-26271 ( NVD ): 5.5

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:1398-1
Release Date: 2026-04-16T10:40:51Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here