VDB

DEBIAN-CVE-2026-27015

DEBIAN-CVE-2026-27015 PUBLISHED CVSS 6.5 MEDIUM

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a missing bounds check in `smartcard_unpack_read_size_align()` (`libfreerdp/utils/smartcard_pack.c:1703`) allows a malicious RDP server to crash the FreeRDP client via a reachable `WINPR_ASSERT` → `abort()`. The crash occurs in upstream builds where `WITH_VERBOSE_WINPR_ASSERT=ON` (default in FreeRDP 3.22.0 / current WinPR CMake defaults). Smartcard redirection must be explicitly enabled by the user (e.g., `xfreerdp /smartcard`; `/smartcard-logon` implies `/smartcard`). Version 3.23.0 fixes the issue.

Risk Scores

CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Debian:14freerdp30, 3.15.0+dfsg-2.1, 3.16.0+dfsg-2
Debian:13freerdp33.15.0+dfsg, 0, 3.15.0+dfsg-2.1
Debian:11freerdp2*, 2.11.7+dfsg1-1, 2.11.7+dfsg1-3
Debian:12freerdp22.11.5+dfsg1-1, 2.11.7+dfsg1-1, 2.11.7+dfsg1-2

Timeline

  • Feb 25, 2026 CVE Published
  • May 16, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›