Format: 1.8
Date: Fri, 03 Apr 2026 18:45:10 +0300
Source: freerdp3
Architecture: source
Version: 3.15.0+dfsg-2.1+deb13u2
Distribution: trixie
Urgency: medium
Maintainer: Debian Remote Maintainers
Changed-By: Michael Tokarev
Changes:
 freerdp3 (3.15.0+dfsg-2.1+deb13u2) trixie; urgency=medium
 .
   * security fixes for client from 3.24.0 (medium):
 .
     CVE-2026-29774 Heap-buffer-overflow in avc420_yuv_to_rgb via OOB regionRects
       https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5q35-hv9x-7794
       codec-h264-validate-rectangles-before-use-CVE-2026-29774.patch
     CVE-2026-29775 Heap-buffer-overflow in bitmap_cache_put via OOB cacheId
       https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h666-rfw3-jhvj
       cache-bitmap-overallocate-bitmap-cache-CVE-2026-29775.patch
     CVE-2026-29776 Integer Underflow in update_read_cache_bitmap_order
       https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c747-x4wf-cqrr
       core-order-fix-const-correctness.patch
       core-orders-improve-input-validation-CVE-2026-29776.patch
     CVE-2026-31806 Heap Buffer Overflow in nsc_process_message() via Unchecked SURFACE_BITS_COMMAND Bitmap Dimensions
       https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rrqm-46rj-cmx2
       codec-nsc-bounds-checks-and-doxygen.patch
       codec-nsc-log-decoder-function-parameter-issues.patch
       codec-nsc-fix-use-of-nsc_process_message.patch
       codec-nsc-limit-copy-area-in-nsc_process_message-CVE-2026-31806.patch
     CVE-2026-31883 `size_t` underflow in ADPCM decoder leads to heap-buffer-overflow write
       https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-85x9-4xxp-xhm5
     CVE-2026-31885 Out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds checks
       https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-85x9-4xxp-xhm5
       codec-dsp-fix-array-bounds-checks-CVE-2026-31883-CVE-2026-31885.patch
     CVE-2026-31884 Division-by-zero in ADPCM decoders when `nBlockAlign` is 0
       https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-jp7m-94ww-p56r
       codec-dsp-add-format-checks-CVE-2026-31884.patch
     CVE-2026-31897 Out-of-bounds read in `freerdp_bitmap_decompress_planar`
       https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xgv6-r22m-7c9x
       codec-planar-add-early-length-check-to-avoid-oob-rea-CVE-2026-31897.patch
 .
   * security fixes for client from 3.24.2 (medium):
 .
     CVE-2026-33952 DoS via WINPR_ASSERT in rts_read_auth_verifier_no_checks (rts.c:282)
       https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4v4p-9v5x-hc93
       core-gateway-Check-rpcconn_common_hdr_t-auth_length--CVE-2026-33952.patch
     CVE-2026-33977 DoS via WINPR_ASSERT in IMA ADPCM audio decoder (dsp.c:331)
       https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8f2g-3q27-6xm5
       codec-dsp-fix-IMA-ADPCM-sample-clamping-CVE-2026-33977.patch
     CVE-2026-33995 double free in kerberos_AcceptSecurityContext and kerberos_IntitalizeSecurityContextA
       https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mv25-f4p2-5mxx
       winpr-sspi-Fix-context-nullptr-handling-CVE-2026-33995.patch
     CVE-2026-33984 ClearCodec resize_vbar_entry() Heap OOB Write
       https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8469-2xcx-frf6
       codec-clear-update-CLEAR_VBAR_ENTRY-size-after-alloc-CVE-2026-33984.patch
     CVE-2026-33983 Progressive Codec Quant BYTE Underflow - UB + CPU DoS
       https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4gfm-4p52-h478
       codec-progressive-Fail-progressive_rfx_quant_sub-on--CVE-2026-33983.patch
     CVE-2026-33985 ClearCodec Glyph Cache Count Desync - Heap OOB Read
       https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x6gr-8p7h-5h85
       codec-clear-Update-CLEAR_GLYPH_ENTRY-count-after-all-CVE-2026-33985.patch
     CVE-2026-33986 H.264 YUV Buffer Dimension Desync - Heap OOB Write
       https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h6qw-wxvm-hf97
       codec-h264-update-H264_CONTEXT-width-height-after-al-CVE-2026-33986.patch
     CVE-2026-33987 Persistent Cache bmpSize Desync - Heap OOB Write
       https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-ff8h-p5vc-wcwc
       cache-persistent-update-PERSISTENT_CACHE_ENTRY-size--CVE-2026-33987.patch
     CVE-2026-33982 Persistent Cache Allocator Mismatch - Heap OOB Read
       https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8jm9-2925-g4v2
       cache-persist-use-winpr_aligned_calloc-CVE-2026-33982.patch