ROS-20260615-73-0009

The vulnerability of the RDP client FreeRDP is related to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to cause a service failure...

ROS-20260615-73-0029

The vulnerability of the xfclipboardformatequal function in the RDP client FreeRDP relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

ROS-20260610-73-0044

The vulnerability of the smartcardunpacksetattribcall function in the RDP client FreeRDP is related to the execution of operations outside the buffer in memory, resulting from an incorrect validation of input data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary...

ROS-20260610-73-0038

The vulnerability of the audinprocessformats function in the RDP client FreeRDP is related to writing beyond the buffer boundaries. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code or cause service failures remotely...

CVE-2026-45700 Heap-buffer-overflow write in planar bitmap decoder

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's planar bitmap decoder has an out-of-bounds heap write when decoding RLE planar data. In libfreerdp/codec/planar.c, freerdpbitmapdecompressplanar validates the X destination coordinate nXDst against the...

CVE-2026-44421

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdiCacheToSurface: it validates a destination rectangle that is clamped to UINT16MA...

CVE-2026-40033

FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16MAX but performs copy operations using unclamped cache entry...

FreeRDP: FreeRDP: Information disclosure via heap memory out of bounds read

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A remote attacker could exploit a vulnerability where pixel data from adjacent heap memory is rendered to the screen. This can lead to the disclosure of sensitive data to the attacker...

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. The ainputsendinputevent function caches the channelcallback in a local variable and then uses it without synchronization. A concurrent closure of a channel can free or reinitialize the callback, resulting in an use-after-free...

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free remote desktop protocol library and client. In affected versions, there is an out-of-bound read in the ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP-based client into reading out-of-bound data and attempting to decode it, potentially leading to a cras...

Astra Linux - уязвимость в freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP server can trigger a heap buffer overflow in FreeRDP clients using the GDI surface pipeline e.g., xfreerdp by sending an RDPGFX ClearCodec surface command with an out-of-bounds destination...

FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker could exploit this vulnerability by sending a specially crafted RDP message. This can lead to an undefined behavior where a wrapped value is used as a shift exponent, causing an approximately ...

FreeRDP: FreeRDP: Heap buffer overflow allows arbitrary code execution via crafted pixel data

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A remote attacker could exploit a heap buffer overflow vulnerability in the resizevbarentry function. This occurs when an error in buffer resizing leads to attacker-controlled pixel data being written into an...

[SECURITY] Fedora 42 Update: xrdp-0.10.6-1.fc42

xrdp provides a fully functional RDP server compatible with a wide range of RDP clients, including FreeRDP and Microsoft RDP client...

freerdp: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2()

A null pointer dereference has been discovered in FreeRDP. A NULL pointer dereference vulnerability in rdpwritelogoninfov2 allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0...

freerdp: FreeRDP has a Heap-use-after-free in play_thread

A heap use after free has been discovered in FreeRDP. The RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave...

freerdp: FreeRDP heap-use-after-free

A heap use after free flaw has been discovered in FreeRDP. A race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial-IrpThreads while another reads it...

freerdp: FreeRDP: Denial of Service via use-after-free in AUDIN format renegotiation

A use after free flaw was found in FreeRDP. AUDIN format renegotiation frees the active format list while the capture thread continues using audin-format, leading to a use after free in audioformatcompatible. A malicious server can trigger a client‑side heap use after free causing a crash...

CVE-2026-33985

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A remote attacker could exploit a vulnerability where pixel data from adjacent heap memory is rendered to the screen. This can lead to the disclosure of sensitive data to the attacker. Mitigation Mitigation for thi...

EUVD-2026-17233

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in yuvensurebuffer in libfreerdp/codec/h264.c, h264-width and h264-height are updated before the reallocation loop. If any winpralignedrecalloc call fails, the function returns FALSE but width/height are...