FreeRDP, an open-source RDP client implementation, contains multiple security vulnerabilities affecting its handling of memory and audio data. The issues include denial of service vulnerabilities due to use-after-free (CVE-2026-25952), double free during disconnect (CVE-2026-26986), and an endless blocking loop (CVE-2026-27951). There is also a heap-buffer-overflow in bitmap_cache_put via out-of-bounds cacheId (CVE-2026-29775), out-of-bounds reads in ADPCM decoders due to missing bounds checks (CVE-2026-31885), division-by-zero in ADPCM decoders when nBlockAlign is zero (CVE-2026-31884), denial of service via crafted audio data (CVE-2026-31883), and information disclosure through heap memory out-of-bounds read (CVE-2026-33985). Red Hat has released updated packages for Red Hat Enterprise Linux 9 and related distributions to address these vulnerabilities.

The vulnerabilities can lead to denial of service conditions, causing the FreeRDP client to crash or become unresponsive. The heap-buffer-overflow and out-of-bounds read issues may also allow an attacker to read or corrupt memory, potentially leading to information disclosure. The division-by-zero error can cause application crashes. These issues affect the stability and confidentiality of systems using vulnerable versions of FreeRDP on Red Hat Enterprise Linux 9 and related products. No known exploits in the wild have been reported at this time.

Red Hat has released security updates for FreeRDP in Red Hat Enterprise Linux 9 and related products to address these vulnerabilities. Users should apply these official patches as detailed in the Red Hat advisory RHSA-2026:16482 (https://access.redhat.com/errata/RHSA-2026:16482) to remediate the issues. No additional mitigation actions are indicated beyond applying the vendor-provided updates.