17 matches found
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-007199)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007199 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the RDPGFX ClearCodec decode...
CVE-2026-33984
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in resize_vbar_entry() in libfreerdp/codec/clear.c, vBarEntry->size is updated to vBarEntry->count before the winpr_aligned_recalloc call. If realloc fails, size is inflated while pixels still points to the old,...
CVE-2026-33984
Debian security tracker lists CVE-2026-33984 with a concrete issue in ClearCodec: resize_vbar_entry() causes a Heap OOB Write. The connected document specifies the root cause as a Heap-based out-of-bounds write in resize_vbar_entry(), but does not provide affected versions, vulnerable components ...
SUSE CVE-2026-26955
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP server can trigger a heap buffer overflow in FreeRDP clients using the GDI surface pipeline (e.g., xfreerdp) by sending an RDPGFX ClearCodec surface command with an out-of-bounds destination...
CVE-2026-26955
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol (RDP). A malicious RDP server can exploit a heap buffer overflow vulnerability by sending a specially crafted graphics command to a FreeRDP client. This allows the server to write data outside of its intended memory...
Linux Distros Unpatched Vulnerability : CVE-2026-26955
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP server can trigger a heap buffer overflow in FreeRDP...
CVE-2026-26955
Summary (CVE-2026-26955): FreeRDP prior to 3.23.0 is affected by a heap-based overflow in the GDI surface pipeline when processing an RDPGFX ClearCodec surface command. The handler does not validate the destination rectangle against the surface dimensions, allowing attacker-controlled cmd->lef...
EUVD-2026-8739
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP server can trigger a heap buffer overflow in FreeRDP clients using the GDI surface pipeline (e.g., xfreerdp) by sending an RDPGFX ClearCodec surface command with an out-of-bounds destination...
freerdp: FreeRDP: Heap buffer overflow leads to denial of service and potential code execution
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A malicious server can exploit a client-side heap buffer overflow vulnerability in the RDPGFX ClearCodec decode path. This occurs when maliciously crafted residual data causes out-of-bounds writes during color...
freerdp: FreeRDP: Heap buffer overflow via crafted RDPGFX surface updates leads to denial of service and potential code execution.
A flaw was found in FreeRDP. A malicious server can exploit an out-of-bounds read/write vulnerability in the ClearCodec component by sending crafted RDPGFX surface updates. This can trigger a client-side heap buffer overflow, leading to a crash (Denial of Service, DoS) and potential heap corruption...
freerdp: FreeRDP: Heap buffer overflow leads to denial of service and potential code execution
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A malicious server can exploit a client-side heap buffer overflow vulnerability in the RDPGFX ClearCodec decode path. This occurs when maliciously crafted residual data causes out-of-bounds writes during color...
freerdp: FreeRDP: Heap buffer overflow leads to denial of service and potential code execution
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A malicious server can exploit a client-side heap buffer overflow vulnerability in the RDPGFX ClearCodec decode path. This occurs when maliciously crafted residual data causes out-of-bounds writes during color...
freerdp: FreeRDP: Heap buffer overflow via crafted RDPGFX surface updates leads to denial of service and potential code execution.
A flaw was found in FreeRDP. A malicious server can exploit an out-of-bounds read/write vulnerability in the ClearCodec component by sending crafted RDPGFX surface updates. This can trigger a client-side heap buffer overflow, leading to a crash (Denial of Service, DoS) and potential heap corruption...
CVE-2026-23533
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the RDPGFX ClearCodec decode path when maliciously crafted residual data causes out-of-bounds writes during color output. A malicious server can trigger a...
CVE-2026-23533
CVE-2026-23533 – FreeRDP: Affects FreeRDP prior to version 3.21.0, where the RDPGFX ClearCodec decode path can fail due to crafted residual data causing out-of-bounds writes. This leads to a client crash (DoS) and potential heap corruption with code-execution risk depending on allocator behavior...
FreeRDP security vulnerabilities
FreeRDP is an open-source RDP protocol implementation developed by the FreeRDP team. Versions of FreeRDP prior to 3.21.0 contained security vulnerabilities. These vulnerabilities stemmed from the clear_decompress function in ClearCodec, which did not validate the target rectangle, potentially...
PT-2026-22017
Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 3.23.0. Description: A malicious RDP server can trigger a heap buffer overflow in FreeRDP clients using the GDI surface pipeline, such as xfreerdp. This occurs when sending an RDPGFX ClearCodec surface command with an...