vulnerability
Ubuntu: USN-8004-1 (CVE-2026-23530): FreeRDP vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Jan 19, 2026 | Feb 4, 2026 | Feb 5, 2026 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Jan 19, 2026
Added
Feb 4, 2026
Modified
Feb 5, 2026
Description
Kim Dong Han discovered that FreeRDP did not correctly validate the size of
certain variables, which could cause a buffer overflow. An attacker could
possibly use this issue to cause a denial of service or execute arbitrary
code.
Solutions
ubuntu-pro-upgrade-libfreerdp2-2ubuntu-pro-upgrade-libfreerdp2-2t64
References
- CVE-2026-23530
- https://attackerkb.com/topics/CVE-2026-23530
- CWE-122
- UBUNTU-USN-8004-1
- URL-https://github.com/FreeRDP/FreeRDP/blob/38514dfa5813aa945a86cfbcec279033f8394468/libfreerdp/codec/planar.c#L1689-L1696
- URL-https://github.com/FreeRDP/FreeRDP/blob/38514dfa5813aa945a86cfbcec279033f8394468/libfreerdp/codec/planar.c#L1713-L1716
- URL-https://github.com/FreeRDP/FreeRDP/blob/38514dfa5813aa945a86cfbcec279033f8394468/libfreerdp/codec/planar.c#L951-L953
- URL-https://github.com/FreeRDP/FreeRDP/releases/tag/3.21.0
- URL-https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-r4hv-852m-fq7p
- URL-https://ubuntu.com/security/notices/USN-8004-1
- URL-https://www.cve.org/CVERecord?id=CVE-2026-23530
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.