CVE-2026-24680
Publication date 9 February 2026
Last updated 16 February 2026
Ubuntu priority
Description
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, sdl_Pointer_New frees data on failure, then pointer_free calls sdl_Pointer_Free and frees it again, triggering ASan UAF. This vulnerability is fixed in 3.22.0.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| freerdp | 25.10 questing | Not in release |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| freerdp2 | 25.10 questing | Not in release |
| 24.04 LTS noble |
Not affected
|
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| freerdp3 | 25.10 questing |
Fixed 3.16.0+dfsg-2ubuntu0.1
|
| 24.04 LTS noble |
Fixed 3.5.1+dfsg1-0ubuntu1.2
|
|
| 22.04 LTS jammy | Not in release |
Notes
References
Related Ubuntu Security Notices (USN)
- USN-8042-1
- FreeRDP vulnerabilities
- 16 February 2026