MGASA-2026-0086

FreeRDP has a heap-buffer-overflow in audinprocessformats. (CVE-2026-22852) FreeRDP has a heap-buffer-overflow in driveprocessirpread. (CVE-2026-22854) FreeRDP has a heap-buffer-overflow in smartcardunpacksetattribcall. (CVE-2026-22855) FreeRDP has a heap-use-after-free in createirpthread. (CVE-2026-22856) FreeRDP has a heap-use-after-free in irpthreadfunc. (CVE-2026-22857) FreeRDP has a heap-buffer-overflow in urbselectconfiguration. (CVE-2026-22859) FreeRDP has heap-buffer-overflow in GlyphAlloc. (CVE-2026-23732) Heap-use-after-free in updatepointernew. (CVE-2026-23883) Heap-use-after-free in gdisetbounds. (CVE-2026-23884) FreeRDP has a heap-use-after-free in videotimer. (CVE-2026-24491) Buffer Overread in FreeRDP Icon Processing. (CVE-2026-26271) FreeRDP has Out-of-bounds Write. (CVE-2026-26955, CVE-2026-26965) FreeRDP has a Heap Buffer Overflow in nscprocessmessage() via Unchecked SURFACEBITSCOMMAND Bitmap Dimensions. (CVE-2026-31806) FreeRDP has a size_t underflow in ADPCM decoder leads to heap-buffer-overflow write. (CVE-2026-31883) FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/stepindex bounds checks. (CVE-2026-31885)