Alerts This Week
Warning Icon 1 687
Alerts This Week
Warning Icon 1 687

Ubuntu 25.10 FreeRDP Critical Buffer Overflow Denial of Service USN-8042-1

Calendar Feb 16, 2026 User Avatar LinuxSecurity Advisories
2 - 4 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service buffer overflow critical Ubuntu freerdp
Several security issues were fixed in FreeRDP. 
==========================================================================
Ubuntu Security Notice USN-8042-1
February 16, 2026

freerdp2, freerdp3 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in FreeRDP.

Software Description:
- freerdp3: RDP client for Windows Terminal Services
- freerdp2: RDP client for Windows Terminal Services

Details:

It was discovered that FreeRDP incorrectly handled memory under certain
circumstances, which could lead to a NULL pointer dereference. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2026-23948)

It was discovered that FreeRDP did not correctly validate the size of
certain variables, which could cause a buffer overflow. An attacker could
possibly use this issue to cause a denial of service or execute arbitrary
code. This issue only affected FreeRDP3 in Ubuntu 24.04 LTS and Ubuntu
25.10. (CVE-2026-24491)

It was discovered that FreeRDP did not correctly validate the size of
certain variables, which could cause a buffer overflow. An attacker could
possibly use this issue to cause a denial of service or execute arbitrary
code. (CVE-2026-24675, CVE-2026-24679, CVE-2026-24682)

It was discovered that FreeRDP had a use after free vulnerability under
certain circumstances. An attacker could use this to cause a denial of
service or possibly execute arbitrary code. (CVE-2026-24676,
CVE-2026-24681)

It was discovered that FreeRDP did not correctly validate the size of
certain variables, which could cause a buffer overflow. An attacker could
possibly use this issue to cause a denial of service or execute arbitrary
code. This issue only affected Ubuntu 25.10. (CVE-2026-24677)

It was discovered that FreeRDP had a use after free vulnerability under
certain circumstances. An attacker could use this to cause a denial of
service or possibly execute arbitrary code. This issue only affected
Ubuntu 25.10. (CVE-2026-24678)

It was discovered that FreeRDP had a use after free vulnerability under
certain circumstances. An attacker could use this to cause a denial of
service or possibly execute arbitrary code. This issue only affected
FreeRDP3 in Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-24680)

It was discovered that FreeRDP had a use after free vulnerability under
certain circumstances. An attacker could use this to cause a denial of
service or possibly execute arbitrary code. This issue only affected
Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10.
(CVE-2026-24683, CVE-2026-24684)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  freerdp3-x11                    3.16.0+dfsg-2ubuntu0.1
  libfreerdp3-3                   3.16.0+dfsg-2ubuntu0.1

Ubuntu 24.04 LTS
  freerdp2-x11                    2.11.5+dfsg1-1ubuntu0.1~esm5
                                  Available with Ubuntu Pro
  freerdp3-x11                    3.5.1+dfsg1-0ubuntu1.2
  libfreerdp2-2t64                2.11.5+dfsg1-1ubuntu0.1~esm5
                                  Available with Ubuntu Pro
  libfreerdp3-3                   3.5.1+dfsg1-0ubuntu1.2

Ubuntu 22.04 LTS
  freerdp2-x11                    2.6.1+dfsg1-3ubuntu2.10
  libfreerdp2-2                   2.6.1+dfsg1-3ubuntu2.10

Ubuntu 20.04 LTS
  freerdp2-x11                    2.6.1+dfsg1-0ubuntu0.20.04.2+esm3
                                  Available with Ubuntu Pro
  libfreerdp2-2                   2.6.1+dfsg1-0ubuntu0.20.04.2+esm3
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  freerdp2-x11                    2.2.0+dfsg1-0ubuntu0.18.04.4+esm5
                                  Available with Ubuntu Pro
  libfreerdp2-2                   2.2.0+dfsg1-0ubuntu0.18.04.4+esm5
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8042-1
  CVE-2026-23948, CVE-2026-24491, CVE-2026-24675, CVE-2026-24676,
  CVE-2026-24677, CVE-2026-24678, CVE-2026-24679, CVE-2026-24680,
  CVE-2026-24681, CVE-2026-24682, CVE-2026-24683, CVE-2026-24684

Package Information:
  https://launchpad.net/ubuntu/+source/freerdp3/3.16.0+dfsg-2ubuntu0.1
  https://launchpad.net/ubuntu/+source/freerdp2/2.6.1+dfsg1-3ubuntu2.10

Ubuntu 25.10 FreeRDP Critical Buffer Overflow Denial of Service USN-8042-1

ubuntu
Calendar Grey February 16, 2026
Dist Ubuntu Esm H88
Security advisory details recent issues fixed in FreeRDP impacting various Ubuntu versions with critical fixes needed.
Several security issues were fixed in FreeRDP.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in FreeRDP. Software Description: - freerdp3: RDP client for Windows Terminal Services - freerdp2: RDP client for Windows Terminal Services Details: It was discovered that FreeRDP incorrectly handled memory under certain circumstances, which could lead to a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-23948) It was discovered that FreeRDP did not correctly validate the size of certain variables, which could cause a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected FreeRDP3 in Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-24491) It was discovered that FreeRDP did not correctly validate the size of certain variables, which c...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory denial of service buffer overflow critical Ubuntu freerdp

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 freerdp3-x11 3.16.0+dfsg-2ubuntu0.1 libfreerdp3-3 3.16.0+dfsg-2ubuntu0.1 Ubuntu 24.04 LTS freerdp2-x11 2.11.5+dfsg1-1ubuntu0.1~esm5 Available with Ubuntu Pro freerdp3-x11 3.5.1+dfsg1-0ubuntu1.2 libfreerdp2-2t64 2.11.5+dfsg1-1ubuntu0.1~esm5 Available with Ubuntu Pro libfreerdp3-3 3.5.1+dfsg1-0ubuntu1.2 Ubuntu 22.04 LTS freerdp2-x11 2.6.1+dfsg1-3ubuntu2.10 libfreerdp2-2 2.6.1+dfsg1-3ubuntu2.10 Ubuntu 20.04 LTS freerdp2-x11 2.6.1+dfsg1-0ubuntu0.20.04.2+esm3 Available with Ubuntu Pro libfreerdp2-2 2.6.1+dfsg1-0ubuntu0.20.04.2+esm3 Available with Ubuntu Pro Ubuntu 18.04 LTS freerdp2-x11 2.2.0+dfsg1-0ubuntu0.18.04.4+esm5 Available with Ubuntu Pro libfreerdp2-2 2.2.0+dfsg1-0ubuntu0.18.04.4+esm5 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8042-1

CVE-2026-23948, CVE-2026-24491, CVE-2026-24675, CVE-2026-24676,

CVE-2026-24677, CVE-2026-24678, CVE-2026-24679, CVE-2026-24680,

CVE-2026-24681, CVE-2026-24682, CVE-2026-24683, CVE-2026-24684

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8042-1

Topics%20covered

Topics Covered

security advisory denial of service buffer overflow critical Ubuntu freerdp

Package Information

https://launchpad.net/ubuntu/+source/freerdp3/3.16.0+dfsg-2ubuntu0.1 https://launchpad.net/ubuntu/+source/freerdp2/2.6.1+dfsg1-3ubuntu2.10

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here