UbuntuUpdates.org

Package "libwinpr3-dev"

Name: libwinpr3-dev

Description:

Windows Portable Runtime library (development files)
Latest version: 3.5.1+dfsg1-0ubuntu1.2
Release: noble (24.04)
Level: updates
Repository: main
Head package: freerdp3
Homepage: https://www.freerdp.com/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libwinpr3-dev"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libwinpr3-dev" in Noble

Repository Area Version
base main 3.5.0+dfsg1-0ubuntu1
security main 3.5.1+dfsg1-0ubuntu1.2

Changelog

Version: 3.5.1+dfsg1-0ubuntu1.2 2026-02-16 10:07:51 UTC

  freerdp3 (3.5.1+dfsg1-0ubuntu1.2) noble-security; urgency=medium

  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2026-23948.patch: fix missing NULL check
    - CVE-2026-23948
  * SECURITY UPDATE: heap overflow
    - debian/patches/CVE-2026-24491-1.patch: reset channel_callback
      before close
    - debian/patches/CVE-2026-24491-2.patch: check pointer before
      reset
    - debian/patches/CVE-2026-24675.patch: do not free MsConfig on
      failure
    - debian/patches/CVE-2026-24679.patch: ensure InterfaceNumber is
      within range
    - debian/patches/CVE-2026-24682.patch: fix audin_server_recv_formats
      cleanup
    - CVE-2026-24491
    - CVE-2026-24675
    - CVE-2026-24679
    - CVE-2026-24682
  * SECURITY UPDATE: heap use after free
    - debian/patches/CVE-2026-24676.patch: reset audin->format
    - debian/patches/CVE-2026-24680.patch: reset pointer after memory
      release
    - debian/patches/CVE-2026-24681.patch: cancel all usb transfers on
      channel close
    - debian/patches/CVE-2026-24683.patch: lock context when updating
      listener
    - debian/patches/CVE-2026-24684-1.patch: terminate thread before
      free
    - debian/patches/CVE-2026-24684-2.patch: only clean up thread
      before free
    - CVE-2026-24676
    - CVE-2026-24680
    - CVE-2026-24681
    - CVE-2026-24683
    - CVE-2026-24684

 -- Nishit Majithia <email address hidden> Thu, 12 Feb 2026 19:23:45 +0530
Source diff to previous version
CVE-2026-23948 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdp_write_logon_info_v2
CVE-2026-24491 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, video_timer can send client notifications after the control channel
CVE-2026-24675 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, urb_select_interface can free the device's MS config on error but l
CVE-2026-24679 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, The URBDRC client uses server-supplied interface numbers as array i
CVE-2026-24682 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audin_server_recv_formats frees an incorrect number of audio format
CVE-2026-24676 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, AUDIN format renegotiation frees the active format list while the c
CVE-2026-24680 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, sdl_Pointer_New frees data on failure, then pointer_free calls sdl_
CVE-2026-24681 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, aAsynchronous bulk transfer completions can use a freed channel cal
CVE-2026-24683 FreeRDP is a free implementation of the Remote Desktop Protocol. ainput_send_input_event caches channel_callback in a local variable and later uses i
CVE-2026-24684 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the

Version: 3.5.1+dfsg1-0ubuntu1.1 2025-07-08 17:44:01 UTC

  freerdp3 (3.5.1+dfsg1-0ubuntu1.1) noble-security; urgency=medium

  * SECURITY UPDATE: DoS via crafted RDP packet
    - debian/patches/CVE-2025-4478.patch: initialize function pointers
      after resource allocation in libfreerdp/core/transport.c.
    - CVE-2025-4478

 -- Marc Deslauriers <email address hidden> Mon, 07 Jul 2025 14:44:55 -0400
Source diff to previous version
CVE-2025-4478 A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue

Version: 3.5.1+dfsg1-0ubuntu1 2024-04-29 19:06:55 UTC

  freerdp3 (3.5.1+dfsg1-0ubuntu1) noble-security; urgency=medium

  * SECURITY UPDATE: updated to 3.5.1 to fix multiple security issues
    - CVE-2024-32658 [Low] ExtractRunLengthRegular* out of bound read
    - CVE-2024-32659 [Low] freerdp_image_copy out of bound read
    - CVE-2024-32660 [Low] zgfx_decompress out of memory
    - CVE-2024-32661 [Low] rdp_write_logon_info_v1 NULL access
    - CVE-2024-32662 [Low] rdp_redirection_read_base64_wchar out of bound read

 -- Marc Deslauriers <email address hidden> Mon, 29 Apr 2024 10:25:11 -0400
CVE-2024-32658 FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. V
CVE-2024-32659 FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if
CVE-2024-32660 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending i
CVE-2024-32661 FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` acc
CVE-2024-32662 FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. T


About   -   Send Feedback to @ubuntu_updates