This Important security update addresses two vulnerabilities in FreeRDP: a heap buffer overflow (CVE-2026-33984, CVSS 7.5 HIGH) allowing arbitrary code execution via crafted pixel data, and a denial of service flaw (CVE-2026-33983, CVSS 6.5 MEDIUM) triggered by specially crafted RDP messages. The vulnerabilities affect FreeRDP versions prior to 3.24.2. Users must upgrade to FreeRDP version 3.24.2 to remediate these issues.
Red Hat Product Errata RHSA-2026:11649 - Security Advisory Issued: 2026-04-29 Updated: 2026-04-29 RHSA-2026:11649 - Security Advisory Overview Updated Packages Synopsis Important: freerdp security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for freerdp is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fix(es): FreeRDP: FreeRDP: Heap buffer overflow allows arbitrary code execution via crafted pixel data (CVE-2026-33984) FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages (CVE-2026-33983) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 x86_64 Red Hat Enterprise Linux Server - AUS 8.4 x86_64 Fixes BZ - 2453219 - CVE-2026-33984 FreeRDP: FreeRDP: Heap buffer overflow allows arbitrary code execution via crafted pixel data BZ - 2453220 - CVE-2026-33983 FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages CVEs CVE-2026-33983 CVE-2026-33984 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 SRPM freerdp-2.2.0-13.el8_4.src.rpm SHA-256: 5384ca45db5992e6fd2d5922e7df5725c19d3ebe67b89f80337b0f378bad73d5 x86_64 freerdp-2.2.0-13.el8_4.x86_64.rpm SHA-256: a747b2cd713dd1c61258eec4404d34ad1a1260d24c83aea5a5526da7a3699cbd freerdp-debuginfo-2.2.0-13.el8_4.i686.rpm SHA-256: faec4d09b568c01736b6fd291dc4eaba69855b6068177ef200757f983bd59bbf freerdp-debuginfo-2.2.0-13.el8_4.x86_64.rpm SHA-256: e658b945794a7cfae05a74f1e30362993dd5ca5e48dacf82ee3d140288aca2cf freerdp-debugsource-2.2.0-13.el8_4.i686.rpm SHA-256: 46425820375999adb548c6e514f2cbb6723b4ad7006f5f7d7303c36470df4d29 freerdp-debugsource-2.2.0-13.el8_4.x86_64.rpm SHA-256: c2a0af1f7cda7cb9b92efecafe01d417ae423b4927ffb90cbd037d56d630c78f freerdp-libs-2.2.0-13.el8_4.i686.rpm SHA-256: 3c642a31e3e42828a9894385ac40632d6d75ae5c934dc72d14aa0bb43fb3a02e freerdp-libs-2.2.0-13.el8_4.x86_64.rpm SHA-256: 52040e3211caa98fa9f4ca38bcf36bc9727f8bccf7a3031cfe571efb461fe1c0 freerdp-libs-debuginfo-2.2.0-13.el8_4.i686.rpm SHA-256: b50ea03497ad80ae346eb441479732b7056ec536b767352db4a55e24c94024ff freerdp-libs-debuginfo-2.2.0-13.el8_4.x86_64.rpm SHA-256: 606f760b581723f6d7ce7fa2905ca684b44383c4677110443f203805f0e2312e libwinpr-2.2.0-13.el8_4.i686.rpm SHA-256: 915535cb12067735463e92c271c8f4063c07e7725a34944b9c12b46a7ca1d6bf libwinpr-2.2.0-13.el8_4.x86_64.rpm SHA-256: d241004b87cfb6e5a8e9fb8293926033680dfe4a6a0cc2ec8ffc707d7267d037 libwinpr-debuginfo-2.2.0-13.el8_4.i686.rpm SHA-256: 570922a2d649baf21d081e3af1b70936f41b5a68d2bfd3a8eef8b5e25a2a7a15 libwinpr-debuginfo-2.2.0-13.el8_4.x86_64.rpm SHA-256: 55b511d3af4fceace52bb2823cb2b1a3a41688a3d7d23a7618d9984f4835e3fe libwinpr-devel-2.2.0-13.el8_4.i686.rpm SHA-256: 78dfe903fed404709b3c96502d3adb9f084b2d3edfc02dddcff0a780ef3e62e8 libwinpr-devel-2.2.0-13.el8_4.x86_64.rpm SHA-256: 0acdbf76bd14cfaf5d18fd90dbf983321ae22473aa247dca96573641b4d1b4fa Red Hat Enterprise Linux Server - AUS 8.4 SRPM freerdp-2.2.0-13.el8_4.src.rpm SHA-256: 5384ca45db5992e6fd2d5922e7df5725c19d3ebe67b89f80337b0f378bad73d5 x86_64 freerdp-2.2.0-13.el8_4.x86_64.rpm SHA-256: a747b2cd713dd1c61258eec4404d34ad1a1260d24c83aea5a5526da7a3699cbd freerdp-debuginfo-2.2.0-13.el8_4.i686.rpm SHA-256: faec4d09b568c01736b6fd291dc4eaba69855b6068177ef200757f983bd59bbf freerdp-debuginfo-2.2.0-13.el8_4.x86_64.rpm SHA-256: e658b945794a7cfae05a74f1e30362993dd5ca5e48dacf82ee3d140288aca2cf freerdp-debugsource-2.2.0-13.el8_4.i686.rpm SHA-256: 46425820375999adb548c6e514f2cbb6723b4ad7006f5f7d7303c36470df4d29 freerdp-debugsource-2.2.0-13.el8_4.x86_64.rpm SHA-256: c2a0af1f7cda7cb9b92efecafe01d417ae423b4927ffb90cbd037d56d630c78f freerdp-libs-2.2.0-13.el8_4.i686.rpm SHA-256: 3c642a31e3e42828a9894385ac40632d6d75ae5c934dc72d14aa0bb43fb3a02e freerdp-libs-2.2.0-13.el8_4.x86_64.rpm SHA-256: 52040e3211caa98fa9f4ca38bcf36bc9727f8bccf7a3031cfe571efb461fe1c0 freerdp-libs-debuginfo-2.2.0-13.el8_4.i686.rpm SHA-256: b50ea03497ad80ae346eb441479732b7056ec536b767352db4a55e24c94024ff freerdp-libs-debuginfo-2.2.0-13.el8_4.x86_64.rpm SHA-256: 606f760b581723f6d7ce7fa2905ca684b44383c4677110443f203805f0e2312e libwinpr-2.2.0-13.el8_4.i686.rpm SHA-256: 915535cb12067735463e92c271c8f4063c07e7725a34944b9c12b46a7ca1d6bf libwinpr-2.2.0-13.el8_4.x86_64.rpm SHA-256: d241004b87cfb6e5a8e9fb8293926033680dfe4a6a0cc2ec8ffc707d7267d037 libwinpr-debuginfo-2.2.0-13.el8_4.i686.rpm SHA-256: 570922a2d649baf21d081e3af1b70936f41b5a68d2bfd3a8eef8b5e25a2a7a15 libwinpr-debuginfo-2.2.0-13.el8_4.x86_64.rpm SHA-256: 55b511d3af4fceace52bb2823cb2b1a3a41688a3d7d23a7618d9984f4835e3fe libwinpr-devel-2.2.0-13.el8_4.i686.rpm SHA-256: 78dfe903fed404709b3c96502d3adb9f084b2d3edfc02dddcff0a780ef3e62e8 libwinpr-devel-2.2.0-13.el8_4.x86_64.rpm SHA-256: 0acdbf76bd14cfaf5d18fd90dbf983321ae22473aa247dca96573641b4d1b4fa The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .