{"dataType": "CVE_RECORD", "containers": {"adp": [{"metrics": [{"other": {"type": "Unknown", "content": {"data": "{\"description\":\"not yet assigned\"}"}}}], "affected": [{"vendor": "debian", "product": "freerdp2-dev", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "freerdp2-shadow-x11", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "freerdp2-shadow-x11-dbgsym", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "freerdp2-wayland", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "freerdp2-wayland-dbgsym", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "freerdp2-x11", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "freerdp2-x11-dbgsym", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "libfreerdp-client2-2", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "libfreerdp-client2-2-dbgsym", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "libfreerdp-server2-2", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "libfreerdp-server2-2-dbgsym", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "libfreerdp-shadow-subsystem2-2", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "libfreerdp-shadow-subsystem2-2-dbgsym", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "libfreerdp-shadow2-2", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "libfreerdp-shadow2-2-dbgsym", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "libfreerdp2-2", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "libfreerdp2-2-dbgsym", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "libuwac0-0", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "libuwac0-0-dbgsym", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "libuwac0-dev", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "libwinpr-tools2-2", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "libwinpr-tools2-2-dbgsym", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "libwinpr2-2", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "libwinpr2-2-dbgsym", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "libwinpr2-dev", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "winpr-utils", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "winpr-utils-dbgsym", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "freerdp2", "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "freerdp-proxy", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "freerdp-proxy-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "freerdp-proxy-modules", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "freerdp-proxy-modules-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "freerdp-sdl", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "freerdp-sdl-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "freerdp-shadow-x11", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "freerdp-shadow-x11-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "freerdp-wayland", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "freerdp-wayland-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "freerdp-x11", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "freerdp-x11-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "freerdp3-dev", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "freerdp3-proxy", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "freerdp3-proxy-modules", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "freerdp3-sdl", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "freerdp3-shadow-x11", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "freerdp3-wayland", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "freerdp3-x11", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libfreerdp-client3-3", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libfreerdp-client3-3-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libfreerdp-server-proxy3-3", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libfreerdp-server-proxy3-3-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libfreerdp-server3-3", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libfreerdp-server3-3-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libfreerdp-shadow-subsystem3-3", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libfreerdp-shadow-subsystem3-3-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libfreerdp-shadow3-3", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libfreerdp-shadow3-3-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libfreerdp3-3", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libfreerdp3-3-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libwinpr-tools3-3", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libwinpr-tools3-3-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libwinpr3-3", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libwinpr3-3-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libwinpr3-dev", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "winpr-utils", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "winpr-utils-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "winpr3-utils", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "freerdp3-dev", "versions": [{"status": "affected", "version": "0", "lessThan": "3.15.0+dfsg-2.1+deb13u2", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "freerdp3-proxy", "versions": [{"status": "affected", "version": "0", "lessThan": "3.15.0+dfsg-2.1+deb13u2", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "freerdp3-proxy-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "3.15.0+dfsg-2.1+deb13u2", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "freerdp3-proxy-modules", "versions": [{"status": "affected", "version": "0", "lessThan": "3.15.0+dfsg-2.1+deb13u2", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "freerdp3-proxy-modules-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "3.15.0+dfsg-2.1+deb13u2", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "freerdp3-sdl", "versions": [{"status": "affected", "version": "0", "lessThan": "3.15.0+dfsg-2.1+deb13u2", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "freerdp3-sdl-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "3.15.0+dfsg-2.1+deb13u2", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "freerdp3-shadow-x11", "versions": [{"status": "affected", "version": "0", "lessThan": "3.15.0+dfsg-2.1+deb13u2", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "freerdp3-shadow-x11-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "3.15.0+dfsg-2.1+deb13u2", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "freerdp3-wayland", "versions": [{"status": "affected", "version": "0", "lessThan": "3.15.0+dfsg-2.1+deb13u2", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "freerdp3-wayland-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "3.15.0+dfsg-2.1+deb13u2", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "freerdp3-x11", "versions": [{"status": "affected", "version": "0", "lessThan": "3.15.0+dfsg-2.1+deb13u2", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "freerdp3-x11-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "3.15.0+dfsg-2.1+deb13u2", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libfreerdp-client3-3", "versions": [{"status": "affected", "version": "0", "lessThan": "3.15.0+dfsg-2.1+deb13u2", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libfreerdp-client3-3-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "3.15.0+dfsg-2.1+deb13u2", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libfreerdp-server-proxy3-3", "versions": [{"status": "affected", "version": "0", "lessThan": "3.15.0+dfsg-2.1+deb13u2", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libfreerdp-server-proxy3-3-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "3.15.0+dfsg-2.1+deb13u2", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libfreerdp-server3-3", "versions": [{"status": "affected", "version": "0", "lessThan": "3.15.0+dfsg-2.1+deb13u2", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libfreerdp-server3-3-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "3.15.0+dfsg-2.1+deb13u2", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libfreerdp-shadow-subsystem3-3", "versions": [{"status": "affected", "version": "0", "lessThan": "3.15.0+dfsg-2.1+deb13u2", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libfreerdp-shadow-subsystem3-3-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "3.15.0+dfsg-2.1+deb13u2", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libfreerdp-shadow3-3", "versions": [{"status": "affected", "version": "0", "lessThan": "3.15.0+dfsg-2.1+deb13u2", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libfreerdp-shadow3-3-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "3.15.0+dfsg-2.1+deb13u2", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libfreerdp3-3", "versions": [{"status": "affected", "version": "0", "lessThan": "3.15.0+dfsg-2.1+deb13u2", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libfreerdp3-3-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "3.15.0+dfsg-2.1+deb13u2", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libwinpr-tools3-3", "versions": [{"status": "affected", "version": "0", "lessThan": "3.15.0+dfsg-2.1+deb13u2", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libwinpr-tools3-3-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "3.15.0+dfsg-2.1+deb13u2", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libwinpr3-3", "versions": [{"status": "affected", "version": "0", "lessThan": "3.15.0+dfsg-2.1+deb13u2", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libwinpr3-3-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "3.15.0+dfsg-2.1+deb13u2", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libwinpr3-dev", "versions": [{"status": "affected", "version": "0", "lessThan": "3.15.0+dfsg-2.1+deb13u2", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "winpr3-utils", "versions": [{"status": "affected", "version": "0", "lessThan": "3.15.0+dfsg-2.1+deb13u2", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "winpr3-utils-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "3.15.0+dfsg-2.1+deb13u2", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}], "references": [{"url": "https://security-tracker.debian.org/tracker/CVE-2026-31883"}], "descriptions": [{"lang": "en", "value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a size_t underflow in the IMA-ADPCM and MS-ADPCM audio decoders leads to heap-buffer-overflow write via the RDPSND audio channel. In libfreerdp/codec/dsp.c, the IMA-ADPCM and MS-ADPCM decoders subtract block header sizes from a size_t variable without checking for underflow. When nBlockAlign (received from the server) is set such that size % block_size == 0 triggers the header parsing at a point where size is smaller than the header (4 or 8 bytes), the subtraction wraps size to ~SIZE_MAX. The while (size > 0) loop then continues for an astronomical number of iterations. This vulnerability is fixed in 3.24.0."}], "providerMetadata": {"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian", "dateUpdated": "2026-03-13T17:35:17.411Z", "x_subShortName": "debian"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "redhat", "product": "freerdp", "platforms": ["cpe:/o:redhat:enterprise_linux:6"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "freerdp-devel", "platforms": ["cpe:/o:redhat:enterprise_linux:6"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "freerdp-libs", "platforms": ["cpe:/o:redhat:enterprise_linux:6"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "freerdp-plugins", "platforms": ["cpe:/o:redhat:enterprise_linux:6"], "defaultStatus": "affected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-31883"}], "descriptions": [{"lang": "en", "value": "A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol (RDP). A remote attacker can exploit a size_t underflow vulnerability in the IMA-ADPCM and MS-ADPCM audio decoders by sending specially crafted audio data over the RDPSND audio channel. This underflow leads to a heap-buffer-overflow write, which can result in a denial of service for the FreeRDP client. \n            Red Hat has protection mechanisms in place, such as FORTIFY_SOURCE, Position Independent Executables or Stack Smashing Protection."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-03-13T17:35:00Z", "x_subShortName": "redhat_6"}}, {"credits": [{"lang": "en", "value": "packager@almalinux.org"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "almalinux", "product": "freerdp", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-5.el10_1.8", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:10"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "freerdp-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-5.el10_1.8", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:10"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "freerdp-libs", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-5.el10_1.8", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:10"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "freerdp-server", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-5.el10_1.8", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:10"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "libwinpr", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-5.el10_1.8", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:10"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "libwinpr-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-5.el10_1.8", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:10"], "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-31883", "name": "CVE-2026-31883"}], "descriptions": [{"lang": "en", "value": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.  \n\nSecurity Fix(es):  \n\n  * freerdp: FreeRDP: Denial of service via heap use-after-free during auto-reconnect (CVE-2026-25997)\n  * freerdp: FreeRDP: Denial of service due to use-after-free vulnerability (CVE-2026-25952)\n  * freerdp: FreeRDP: Denial of Service via double free vulnerability during disconnect (CVE-2026-26986)\n  * freerdp: FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId (CVE-2026-29775)\n  * freerdp: FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds checks (CVE-2026-31885)\n  * freerdp: FreeRDP has a division-by-zero in ADPCM decoders when `nBlockAlign` is 0 (CVE-2026-31884)\n  * freerdp: FreeRDP: Denial of Service via crafted audio data in RDP (CVE-2026-31883)\n  * FreeRDP: FreeRDP: Information disclosure via heap memory out of bounds read (CVE-2026-33985)\n  * FreeRDP: FreeRDP: Information disclosure and denial of service via heap-buffer-overflow read (CVE-2026-33982)\n  * FreeRDP: FreeRDP: Memory corruption vulnerability allows denial of service or arbitrary code execution (CVE-2026-33987)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n"}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000001", "shortName": "almalinux", "dateUpdated": "2026-05-11T00:00:00Z", "x_subShortName": "alma_10"}}, {"credits": [{"lang": "en", "value": "packager@almalinux.org"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "almalinux", "product": "freerdp", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-1.el9_7.7", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "freerdp-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-1.el9_7.7", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "freerdp-libs", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-1.el9_7.7", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "libwinpr", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-1.el9_7.7", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "libwinpr-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-1.el9_7.7", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-31883", "name": "CVE-2026-31883"}], "descriptions": [{"lang": "en", "value": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.  \n\nSecurity Fix(es):  \n\n  * freerdp: FreeRDP: Denial of service due to use-after-free vulnerability (CVE-2026-25952)\n  * freerdp: FreeRDP: Denial of Service via double free vulnerability during disconnect (CVE-2026-26986)\n  * freerdp: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity (CVE-2026-27951)\n  * freerdp: FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId (CVE-2026-29775)\n  * freerdp: FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds checks (CVE-2026-31885)\n  * freerdp: FreeRDP has a division-by-zero in ADPCM decoders when `nBlockAlign` is 0 (CVE-2026-31884)\n  * freerdp: FreeRDP: Denial of Service via crafted audio data in RDP (CVE-2026-31883)\n  * FreeRDP: FreeRDP: Information disclosure via heap memory out of bounds read (CVE-2026-33985)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n"}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000001", "shortName": "almalinux", "dateUpdated": "2026-05-12T00:00:00Z", "x_subShortName": "alma_9"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"MODERATE\"}"}}}], "affected": [{"vendor": "oraclelinux", "product": "freerdp", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-5.el10_1.8", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:10"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "freerdp-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-5.el10_1.8", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:10"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "freerdp-libs", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-5.el10_1.8", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:10"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "freerdp-server", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-5.el10_1.8", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:10"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "libwinpr", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-5.el10_1.8", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:10"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "libwinpr-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-5.el10_1.8", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:10"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "freerdp", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-9.el8_10", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "freerdp-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-9.el8_10", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "freerdp-libs", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-9.el8_10", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "libwinpr", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-9.el8_10", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "libwinpr-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-9.el8_10", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "freerdp", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-1.el9_7.7", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "freerdp-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-1.el9_7.7", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "freerdp-libs", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-1.el9_7.7", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "libwinpr", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-1.el9_7.7", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "libwinpr-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-1.el9_7.7", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}], "references": [{"url": "https://linux.oracle.com/cve/CVE-2026-31883.html"}], "descriptions": [{"lang": "en", "value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a size_t underflow in the IMA-ADPCM and MS-ADPCM audio decoders leads to heap-buffer-overflow write via the RDPSND audio channel. In libfreerdp/codec/dsp.c, the IMA-ADPCM and MS-ADPCM decoders subtract block header sizes from a size_t variable without checking for underflow. When nBlockAlign (received from the server) is set such that size % block_size == 0 triggers the header parsing at a point where size is smaller than the header (4 or 8 bytes), the subtraction wraps size to ~SIZE_MAX. The while (size > 0) loop then continues for an astronomical number of iterations. This vulnerability is fixed in 3.24.0."}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000006", "shortName": "oraclelinux", "dateUpdated": "2026-05-11T00:00:00Z", "x_subShortName": "oraclelinux"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "redhat", "product": "freerdp", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-12.el10_2.5", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "freerdp", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-5.el10_1.8", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "freerdp-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-12.el10_2.5", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "freerdp-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-5.el10_1.8", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "freerdp-debugsource", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-12.el10_2.5", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "freerdp-debugsource", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-5.el10_1.8", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "freerdp-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-12.el10_2.5", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "freerdp-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-5.el10_1.8", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "freerdp-libs", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-12.el10_2.5", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "freerdp-libs", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-5.el10_1.8", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "freerdp-libs-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-12.el10_2.5", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "freerdp-libs-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-5.el10_1.8", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "freerdp-server", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-12.el10_2.5", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "freerdp-server", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-5.el10_1.8", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "freerdp-server-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-12.el10_2.5", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "freerdp-server-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-5.el10_1.8", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "libwinpr", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-12.el10_2.5", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "libwinpr", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-5.el10_1.8", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "libwinpr-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-12.el10_2.5", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "libwinpr-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-5.el10_1.8", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "libwinpr-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-12.el10_2.5", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "libwinpr-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-5.el10_1.8", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-31883"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447386"}, {"url": "https://github.com/FreeRDP/FreeRDP/commit/16df2300e1e3f5a51f68fb1626429e58b531b7c8"}, {"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-85x9-4xxp-xhm5"}, {"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31883"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2026-31883"}], "descriptions": [{"lang": "en", "value": "A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol (RDP). A remote attacker can exploit a size_t underflow vulnerability in the IMA-ADPCM and MS-ADPCM audio decoders by sending specially crafted audio data over the RDPSND audio channel. This underflow leads to a heap-buffer-overflow write, which can result in a denial of service for the FreeRDP client."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-03-13T17:35:17Z", "x_subShortName": "redhat_10"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "redhat", "product": "freerdp", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-9.el8_10", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "freerdp-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-9.el8_10", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "freerdp-libs", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-9.el8_10", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "libwinpr", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-9.el8_10", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "libwinpr-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-9.el8_10", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:16019"}, {"url": "https://access.redhat.com/security/cve/CVE-2026-31883"}], "descriptions": [{"lang": "en", "value": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.\n\nSecurity Fix(es):\n\n* freerdp: FreeRDP: Denial of service due to use-after-free vulnerability (CVE-2026-25952)\n\n* freerdp: FreeRDP: Denial of Service via double free vulnerability during disconnect (CVE-2026-26986)\n\n* freerdp: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity (CVE-2026-27951)\n\n* freerdp: FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId (CVE-2026-29775)\n\n* freerdp: FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds checks (CVE-2026-31885)\n\n* freerdp: FreeRDP has a division-by-zero in ADPCM decoders when `nBlockAlign` is 0 (CVE-2026-31884)\n\n* freerdp: FreeRDP: Denial of Service via crafted audio data in RDP (CVE-2026-31883)\n\n* FreeRDP: FreeRDP: Information disclosure via heap memory out of bounds read (CVE-2026-33985)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-03-13T17:35:00Z", "x_subShortName": "redhat_8"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "redhat", "product": "freerdp", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-1.el9_7.7", "versionType": "rpm"}, {"status": "affected", "version": "0", "lessThan": "2:2.11.7-7.el9_8.3", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "freerdp-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-1.el9_7.7", "versionType": "rpm"}, {"status": "affected", "version": "0", "lessThan": "2:2.11.7-7.el9_8.3", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "freerdp-libs", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-1.el9_7.7", "versionType": "rpm"}, {"status": "affected", "version": "0", "lessThan": "2:2.11.7-7.el9_8.3", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "libwinpr", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-1.el9_7.7", "versionType": "rpm"}, {"status": "affected", "version": "0", "lessThan": "2:2.11.7-7.el9_8.3", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "libwinpr-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-1.el9_7.7", "versionType": "rpm"}, {"status": "affected", "version": "0", "lessThan": "2:2.11.7-7.el9_8.3", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:16482"}, {"url": "https://access.redhat.com/errata/RHSA-2026:19358"}, {"url": "https://access.redhat.com/security/cve/CVE-2026-31883"}], "descriptions": [{"lang": "en", "value": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.\n\nSecurity Fix(es):\n\n* freerdp: FreeRDP: Denial of service due to use-after-free vulnerability (CVE-2026-25952)\n\n* freerdp: FreeRDP: Denial of Service via double free vulnerability during disconnect (CVE-2026-26986)\n\n* freerdp: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity (CVE-2026-27951)\n\n* freerdp: FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId (CVE-2026-29775)\n\n* freerdp: FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds checks (CVE-2026-31885)\n\n* freerdp: FreeRDP has a division-by-zero in ADPCM decoders when `nBlockAlign` is 0 (CVE-2026-31884)\n\n* freerdp: FreeRDP: Denial of Service via crafted audio data in RDP (CVE-2026-31883)\n\n* FreeRDP: FreeRDP: Information disclosure via heap memory out of bounds read (CVE-2026-33985)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-03-13T17:35:00Z", "x_subShortName": "redhat_9"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "rocky", "product": "freerdp", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-5.el10_1.8", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:10"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "freerdp-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-5.el10_1.8", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:10"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "freerdp-debugsource", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-5.el10_1.8", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:10"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "freerdp-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-5.el10_1.8", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:10"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "freerdp-libs", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-5.el10_1.8", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:10"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "freerdp-libs-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-5.el10_1.8", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:10"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "freerdp-server", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-5.el10_1.8", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:10"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "freerdp-server-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-5.el10_1.8", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:10"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "libwinpr", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-5.el10_1.8", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:10"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "libwinpr-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-5.el10_1.8", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:10"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "libwinpr-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.10.3-5.el10_1.8", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:10"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "freerdp", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-9.el8_10", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "freerdp-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-9.el8_10", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "freerdp-debugsource", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-9.el8_10", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "freerdp-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-9.el8_10", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "freerdp-libs", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-9.el8_10", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "freerdp-libs-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-9.el8_10", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "libwinpr", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-9.el8_10", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "libwinpr-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-9.el8_10", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "libwinpr-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-9.el8_10", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "freerdp", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-1.el9_7.7", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "freerdp-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-1.el9_7.7", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "freerdp-debugsource", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-1.el9_7.7", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "freerdp-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-1.el9_7.7", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "freerdp-libs", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-1.el9_7.7", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "freerdp-libs-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-1.el9_7.7", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "libwinpr", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-1.el9_7.7", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "libwinpr-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-1.el9_7.7", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "libwinpr-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-1.el9_7.7", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442764"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442768"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442782"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442783"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447379"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447383"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447385"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447386"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453217"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453218"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453226"}], "descriptions": [{"lang": "en", "value": "freerdp: FreeRDP: Denial of Service via crafted audio data in RDP (CVE-2026-31883)"}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000004", "shortName": "rocky", "dateUpdated": "2026-05-13T06:00:58Z", "x_subShortName": "rocky"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Important\"}"}}}], "affected": [{"vendor": "suse", "product": "freerdp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.10.3-150700.3.9.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:packagehub:15:sp7", "cpe:/o:suse:sle-we:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "freerdp-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.10.3-150700.3.9.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:packagehub:15:sp7", "cpe:/o:suse:sle-we:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "freerdp-proxy", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.10.3-150700.3.9.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:packagehub:15:sp7", "cpe:/o:suse:sle-we:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "freerdp-server", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.10.3-150700.3.9.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:packagehub:15:sp7", "cpe:/o:suse:sle-we:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "winpr2-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.11.7-150700.3.14.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:packagehub:15:sp7", "cpe:/o:suse:sle-we:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "freerdp-proxy-plugins", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.10.3-150700.3.9.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-we:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "freerdp-sdl", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.10.3-150700.3.9.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-we:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "freerdp2", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.11.7-150700.3.14.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-we:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "freerdp2-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.11.7-150700.3.14.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-we:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "freerdp2-proxy", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.11.7-150700.3.14.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-we:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "freerdp2-server", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.11.7-150700.3.14.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-we:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libfreerdp-server-proxy3-3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.10.3-150700.3.9.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-we:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libfreerdp2-2", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.11.7-150700.3.14.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-we:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libfreerdp3-3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.10.3-150700.3.9.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-we:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "librdtk0-0", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.10.3-150700.3.9.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-we:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libwinpr2-2", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.11.7-150700.3.14.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-we:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libwinpr3-3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.10.3-150700.3.9.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-we:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "winpr-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.10.3-150700.3.9.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-we:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "freerdp-wayland", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.10.3-150700.3.9.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:packagehub:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libfreerdp2", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.4.0-150400.3.47.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:packagehub:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libuwac0-0", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.10.3-150700.3.9.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:packagehub:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libwinpr2", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.4.0-150400.3.47.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:packagehub:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "uwac0-0-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.11.2-150600.4.18.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:packagehub:15:sp7"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "SUSE bug 1259679"}], "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31883", "name": "Mitre CVE-2026-31883"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2026-May/005629.html", "name": "RHSA-2026:16014"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2026-May/005644.html", "name": "RHSA-2026:16019"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2026-May/005652.html", "name": "RHSA-2026:16482"}, {"url": "https://www.suse.com/security/cve/CVE-2026-31883", "name": "SUSE CVE-2026-31883"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025021.html", "name": "SUSE-SU-2026:1129-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2026-March/045202.html", "name": "SUSE-SU-2026:1160-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045257.html", "name": "SUSE-SU-2026:1164-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045256.html", "name": "SUSE-SU-2026:1165-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045603.html", "name": "SUSE-SU-2026:1398-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025817.html", "name": "SUSE-SU-2026:21436-1"}], "descriptions": [{"lang": "en", "value": "\n    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a size_t underflow in the IMA-ADPCM and MS-ADPCM audio decoders leads to heap-buffer-overflow write via the RDPSND audio channel. In libfreerdp/codec/dsp.c, the IMA-ADPCM and MS-ADPCM decoders subtract block header sizes from a size_t variable without checking for underflow. When nBlockAlign (received from the server) is set such that size % block_size == 0 triggers the header parsing at a point where size is smaller than the header (4 or 8 bytes), the subtraction wraps size to ~SIZE_MAX. The while (size > 0) loop then continues for an astronomical number of iterations. This vulnerability is fixed in 3.24.0.\n    "}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2026-03-28T00:00:00Z", "x_subShortName": "suse_server_15"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Important\"}"}}}], "affected": [{"vendor": "suse", "product": "freerdp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.10.3-150700.3.9.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:packagehub:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "freerdp-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.10.3-150700.3.9.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:packagehub:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "freerdp-proxy", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.10.3-150700.3.9.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:packagehub:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "freerdp-server", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.10.3-150700.3.9.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:packagehub:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "freerdp-wayland", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.10.3-150700.3.9.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:packagehub:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libfreerdp2", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.4.0-150400.3.47.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:packagehub:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libuwac0-0", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.10.3-150700.3.9.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:packagehub:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libwinpr2", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.4.0-150400.3.47.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:packagehub:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "uwac0-0-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.11.2-150600.4.18.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:packagehub:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "winpr2-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.11.7-150700.3.14.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:packagehub:15:sp7"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "SUSE bug 1259679"}], "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31883", "name": "Mitre CVE-2026-31883"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2026-May/005629.html", "name": "RHSA-2026:16014"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2026-May/005644.html", "name": "RHSA-2026:16019"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2026-May/005652.html", "name": "RHSA-2026:16482"}, {"url": "https://www.suse.com/security/cve/CVE-2026-31883", "name": "SUSE CVE-2026-31883"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025021.html", "name": "SUSE-SU-2026:1129-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2026-March/045202.html", "name": "SUSE-SU-2026:1160-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045257.html", "name": "SUSE-SU-2026:1164-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045256.html", "name": "SUSE-SU-2026:1165-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045603.html", "name": "SUSE-SU-2026:1398-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025817.html", "name": "SUSE-SU-2026:21436-1"}], "descriptions": [{"lang": "en", "value": "\n    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a size_t underflow in the IMA-ADPCM and MS-ADPCM audio decoders leads to heap-buffer-overflow write via the RDPSND audio channel. In libfreerdp/codec/dsp.c, the IMA-ADPCM and MS-ADPCM decoders subtract block header sizes from a size_t variable without checking for underflow. When nBlockAlign (received from the server) is set such that size % block_size == 0 triggers the header parsing at a point where size is smaller than the header (4 or 8 bytes), the subtraction wraps size to ~SIZE_MAX. The while (size > 0) loop then continues for an astronomical number of iterations. This vulnerability is fixed in 3.24.0.\n    "}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2026-03-28T00:00:00Z", "x_subShortName": "suse_desktop_15"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Important\"}"}}}], "affected": [{"vendor": "suse", "product": "freerdp-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.1.2-12.63.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles-ltss-extended-security:12:sp5", "cpe:/o:suse:sles:12:sp5"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "winpr2-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.1.2-12.63.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles-ltss-extended-security:12:sp5", "cpe:/o:suse:sles:12:sp5"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "SUSE bug 1259679"}], "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31883", "name": "Mitre CVE-2026-31883"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2026-May/005629.html", "name": "RHSA-2026:16014"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2026-May/005644.html", "name": "RHSA-2026:16019"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2026-May/005652.html", "name": "RHSA-2026:16482"}, {"url": "https://www.suse.com/security/cve/CVE-2026-31883", "name": "SUSE CVE-2026-31883"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025021.html", "name": "SUSE-SU-2026:1129-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2026-March/045202.html", "name": "SUSE-SU-2026:1160-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045257.html", "name": "SUSE-SU-2026:1164-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045256.html", "name": "SUSE-SU-2026:1165-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045603.html", "name": "SUSE-SU-2026:1398-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025817.html", "name": "SUSE-SU-2026:21436-1"}], "descriptions": [{"lang": "en", "value": "\n    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a size_t underflow in the IMA-ADPCM and MS-ADPCM audio decoders leads to heap-buffer-overflow write via the RDPSND audio channel. In libfreerdp/codec/dsp.c, the IMA-ADPCM and MS-ADPCM decoders subtract block header sizes from a size_t variable without checking for underflow. When nBlockAlign (received from the server) is set such that size % block_size == 0 triggers the header parsing at a point where size is smaller than the header (4 or 8 bytes), the subtraction wraps size to ~SIZE_MAX. The while (size > 0) loop then continues for an astronomical number of iterations. This vulnerability is fixed in 3.24.0.\n    "}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2026-04-02T00:00:00Z", "x_subShortName": "suse_server_12"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Important\"}"}}}], "affected": [{"vendor": "suse", "product": "freerdp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.24.2-160000.1.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:16.0", "cpe:/o:suse:sles_sap:16.0"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "freerdp-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.24.2-160000.1.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:16.0", "cpe:/o:suse:sles_sap:16.0"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "freerdp-proxy", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.24.2-160000.1.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:16.0", "cpe:/o:suse:sles_sap:16.0"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "freerdp-proxy-plugins", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.24.2-160000.1.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:16.0", "cpe:/o:suse:sles_sap:16.0"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "freerdp-sdl", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.24.2-160000.1.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:16.0", "cpe:/o:suse:sles_sap:16.0"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "freerdp-server", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.24.2-160000.1.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:16.0", "cpe:/o:suse:sles_sap:16.0"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "freerdp-wayland", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.24.2-160000.1.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:16.0", "cpe:/o:suse:sles_sap:16.0"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libfreerdp-server-proxy3-3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.24.2-160000.1.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:16.0", "cpe:/o:suse:sles_sap:16.0"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libfreerdp3-3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.24.2-160000.1.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:16.0", "cpe:/o:suse:sles_sap:16.0"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "librdtk0-0", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.24.2-160000.1.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:16.0", "cpe:/o:suse:sles_sap:16.0"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libuwac0-0", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.24.2-160000.1.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:16.0", "cpe:/o:suse:sles_sap:16.0"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libwinpr3-3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.24.2-160000.1.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:16.0", "cpe:/o:suse:sles_sap:16.0"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "winpr-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.24.2-160000.1.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:16.0", "cpe:/o:suse:sles_sap:16.0"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "SUSE bug 1259679"}], "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31883", "name": "Mitre CVE-2026-31883"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2026-May/005629.html", "name": "RHSA-2026:16014"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2026-May/005644.html", "name": "RHSA-2026:16019"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2026-May/005652.html", "name": "RHSA-2026:16482"}, {"url": "https://www.suse.com/security/cve/CVE-2026-31883", "name": "SUSE CVE-2026-31883"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025021.html", "name": "SUSE-SU-2026:1129-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2026-March/045202.html", "name": "SUSE-SU-2026:1160-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045257.html", "name": "SUSE-SU-2026:1164-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045256.html", "name": "SUSE-SU-2026:1165-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045603.html", "name": "SUSE-SU-2026:1398-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025817.html", "name": "SUSE-SU-2026:21436-1"}], "descriptions": [{"lang": "en", "value": "\n    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a size_t underflow in the IMA-ADPCM and MS-ADPCM audio decoders leads to heap-buffer-overflow write via the RDPSND audio channel. In libfreerdp/codec/dsp.c, the IMA-ADPCM and MS-ADPCM decoders subtract block header sizes from a size_t variable without checking for underflow. When nBlockAlign (received from the server) is set such that size % block_size == 0 triggers the header parsing at a point where size is smaller than the header (4 or 8 bytes), the subtraction wraps size to ~SIZE_MAX. The while (size > 0) loop then continues for an astronomical number of iterations. This vulnerability is fixed in 3.24.0.\n    "}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2026-05-05T00:00:00Z", "x_subShortName": "suse_server_16"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "amazon", "product": "freerdp", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-1.amzn2.0.9", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "freerdp-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-1.amzn2.0.9", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "freerdp-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-1.amzn2.0.9", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "freerdp-libs", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-1.amzn2.0.9", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "libwinpr", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-1.amzn2.0.9", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "libwinpr-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "2:2.11.7-1.amzn2.0.9", "versionType": "rpm"}], "defaultStatus": "unaffected"}], "references": [{"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31883"}], "descriptions": [{"lang": "en", "value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a size_t underflow in the IMA-ADPCM and MS-ADPCM audio decoders leads to heap-buffer-overflow write via the RDPSND audio channel. In libfreerdp/codec/dsp.c, the IMA-ADPCM and MS-ADPCM decoders subtract block header sizes from a size_t variable without checking for underflow. When nBlockAlign (received from the server) is set such that size % block_size == 0 triggers the header parsing at a point where size is smaller than the header (4 or 8 bytes), the subtraction wraps size to ~SIZE_MAX. The while (size > 0) loop then continues for an astronomical number of iterations. This vulnerability is fixed in 3.24.0."}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000000", "shortName": "alas", "dateUpdated": "2026-04-13T09:00:00Z", "x_subShortName": "alas_2"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "amazon", "product": "freerdp", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.6.3-1.amzn2023.0.8", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "freerdp-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.6.3-1.amzn2023.0.8", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "freerdp-debugsource", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.6.3-1.amzn2023.0.8", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "freerdp-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.6.3-1.amzn2023.0.8", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "freerdp-libs", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.6.3-1.amzn2023.0.8", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "freerdp-libs-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.6.3-1.amzn2023.0.8", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "freerdp-server", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.6.3-1.amzn2023.0.8", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "freerdp-server-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.6.3-1.amzn2023.0.8", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "libwinpr", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.6.3-1.amzn2023.0.8", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "libwinpr-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.6.3-1.amzn2023.0.8", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "libwinpr-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "2:3.6.3-1.amzn2023.0.8", "versionType": "rpm"}], "defaultStatus": "unaffected"}], "references": [{"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31883"}], "descriptions": [{"lang": "en", "value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a size_t underflow in the IMA-ADPCM and MS-ADPCM audio decoders leads to heap-buffer-overflow write via the RDPSND audio channel. In libfreerdp/codec/dsp.c, the IMA-ADPCM and MS-ADPCM decoders subtract block header sizes from a size_t variable without checking for underflow. When nBlockAlign (received from the server) is set such that size % block_size == 0 triggers the header parsing at a point where size is smaller than the header (4 or 8 bytes), the subtraction wraps size to ~SIZE_MAX. The while (size > 0) loop then continues for an astronomical number of iterations. This vulnerability is fixed in 3.24.0."}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000000", "shortName": "alas", "dateUpdated": "2026-03-30T09:00:00Z", "x_subShortName": "alas_2023"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"medium\"}"}}}], "affected": [{"vendor": "canonical", "product": "libfreerdp-client2-2", "platforms": ["bionic", "focal", "jammy"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libfreerdp-server2-2", "platforms": ["bionic", "focal", "jammy"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libfreerdp-shadow-subsystem2-2", "platforms": ["bionic", "focal", "jammy"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libfreerdp-shadow2-2", "platforms": ["bionic", "focal", "jammy"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libfreerdp2-2", "platforms": ["bionic", "focal", "jammy"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libuwac0-0", "platforms": ["bionic", "focal", "jammy"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libwinpr-tools2-2", "platforms": ["bionic", "focal", "jammy"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libwinpr2-2", "platforms": ["bionic", "focal", "jammy"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "freerdp2-shadow-x11", "platforms": ["bionic", "focal", "jammy", "noble"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "freerdp2-wayland", "platforms": ["bionic", "focal", "jammy", "noble"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "freerdp2-x11", "platforms": ["bionic", "focal", "jammy", "noble"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "winpr-utils", "platforms": ["bionic", "focal", "jammy", "noble"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "freerdp-x11", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libfreerdp-cache1.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libfreerdp-client1.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libfreerdp-codec1.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libfreerdp-common1.1.0", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libfreerdp-core1.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libfreerdp-crypto1.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libfreerdp-gdi1.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libfreerdp-locale1.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libfreerdp-plugins-standard", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libfreerdp-primitives1.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libfreerdp-rail1.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libfreerdp-utils1.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libwinpr-asn1-0.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libwinpr-bcrypt0.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libwinpr-credentials0.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libwinpr-credui0.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libwinpr-crt0.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libwinpr-crypto0.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libwinpr-dsparse0.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libwinpr-environment0.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libwinpr-error0.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libwinpr-file0.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libwinpr-handle0.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libwinpr-heap0.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libwinpr-input0.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libwinpr-interlocked0.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libwinpr-io0.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libwinpr-library0.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libwinpr-path0.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libwinpr-pipe0.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libwinpr-pool0.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libwinpr-registry0.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libwinpr-rpc0.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libwinpr-sspi0.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libwinpr-sspicli0.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libwinpr-synch0.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libwinpr-sysinfo0.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libwinpr-thread0.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libwinpr-timezone0.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libwinpr-utils0.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libwinpr-winhttp0.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libwinpr-winsock0.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libxfreerdp-client1.1", "platforms": ["bionic", "xenial"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "freerdp3-shadow-x11", "platforms": ["noble"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "freerdp3-wayland", "platforms": ["noble"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "freerdp3-x11", "platforms": ["noble"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libfreerdp-client2-2t64", "platforms": ["noble"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libfreerdp-client3-3", "platforms": ["noble"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libfreerdp-server2-2t64", "platforms": ["noble"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libfreerdp-server3-3", "platforms": ["noble"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libfreerdp-shadow-subsystem2-2t64", "platforms": ["noble"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libfreerdp-shadow-subsystem3-3", "platforms": ["noble"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libfreerdp-shadow2-2t64", "platforms": ["noble"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libfreerdp-shadow3-3", "platforms": ["noble"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libfreerdp2-2t64", "platforms": ["noble"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libfreerdp3-3", "platforms": ["noble"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libuwac0-0t64", "platforms": ["noble"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libwinpr-tools2-2t64", "platforms": ["noble"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libwinpr-tools3-3", "platforms": ["noble"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libwinpr2-2t64", "platforms": ["noble"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "libwinpr3-3", "platforms": ["noble"], "defaultStatus": "unknown"}, {"vendor": "canonical", "product": "winpr3-utils", "platforms": ["noble"], "defaultStatus": "unknown"}], "references": [{"url": "https://ubuntu.com/security/CVE-2026-31883"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2026-31883"}], "descriptions": [{"lang": "en", "value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to3.24.0, a size_t underflow in the IMA-ADPCM and MS-ADPCM audio decodersleads to heap-buffer-overflow write via the RDPSND audio channel. Inlibfreerdp/codec/dsp.c, the IMA-ADPCM and MS-ADPCM decoders subtract blockheader sizes from a size_t variable without checking for underflow. WhennBlockAlign (received from the server) is set such that size % block_size== 0 triggers the header parsing at a point where size is smaller than theheader (4 or 8 bytes), the subtraction wraps size to ~SIZE_MAX. The while(size > 0) loop then continues for an astronomical number of iterations.This vulnerability is fixed in 3.24.0."}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2026-03-13T19:54:00Z", "x_subShortName": "canonical"}}, {"affected": [{"vendor": "unknown", "product": "unknown", "defaultStatus": "unknown"}], "references": [{"url": "https://www.cve.org/CVERecord?id=CVE-2026-31883"}], "descriptions": [{"lang": "en", "value": "not defined"}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2000-01-01T00:00:00Z", "x_subShortName": "redhat_7"}}, {"affected": [{"vendor": "unknown", "product": "unknown", "defaultStatus": "unknown"}], "references": [{"url": "https://www.cve.org/CVERecord?id=CVE-2026-31883"}], "descriptions": [{"lang": "en", "value": "not defined"}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2000-01-01T00:00:00Z", "x_subShortName": "fedora"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"cpes": ["cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*"], "vendor": "freerdp", "product": "freerdp", "versions": [{"status": "affected", "version": "0", "lessThan": "3.24.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-85x9-4xxp-xhm5", "tags": ["exploit", "patch", "vendor-advisory"]}, {"url": "https://github.com/FreeRDP/FreeRDP/commit/16df2300e1e3f5a51f68fb1626429e58b531b7c8", "tags": ["patch"]}], "descriptions": [{"lang": "en", "value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a size_t underflow in the IMA-ADPCM and MS-ADPCM audio decoders leads to heap-buffer-overflow write via the RDPSND audio channel. In libfreerdp/codec/dsp.c, the IMA-ADPCM and MS-ADPCM decoders subtract block header sizes from a size_t variable without checking for underflow. When nBlockAlign (received from the server) is set such that size % block_size == 0 triggers the header parsing at a point where size is smaller than the header (4 or 8 bytes), the subtraction wraps size to ~SIZE_MAX. The while (size > 0) loop then continues for an astronomical number of iterations. This vulnerability is fixed in 3.24.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-122", "description": "CWE-122"}, {"lang": "en", "cweId": "CWE-191", "description": "CWE-191"}]}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000003", "shortName": "nvd", "dateUpdated": "2026-03-13T19:54:37Z", "x_subShortName": "nvd"}}}, "cveMetadata": {"cveId": "CVE-2026-31883", "state": "PUBLISHED", "dateUpdated": "2026-03-17T14:26:13Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-13T19:54:37Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.0"}