CVE-2026-26271
Publication date 25 February 2026
Last updated 18 March 2026
Ubuntu priority
Description
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a buffer overread in `freerdp_image_copy_from_icon_data()` (libfreerdp/codec/color.c) can be triggered by crafted RDP Window Icon (TS_ICON_INFO) data. The bug is reachable over the network when a client processes icon data from an RDP server (or from a man-in-the-middle). Version 3.23.0 fixes the issue.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| freerdp | 25.10 questing | Not in release |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Not in release | |
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
|
| freerdp2 | 25.10 questing | Not in release |
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| freerdp3 | 25.10 questing |
Fixed 3.16.0+dfsg-2ubuntu0.3
|
| 24.04 LTS noble |
Fixed 3.5.1+dfsg1-0ubuntu1.4
|
|
| 22.04 LTS jammy | Not in release |
References
Related Ubuntu Security Notices (USN)
- USN-8105-1
- FreeRDP vulnerabilities
- 18 March 2026