Lucene search
K

4260 matches found

RedHat Linux
RedHat Linux
added 15 hours ago4 views

freerdp: FreeRDP: Out-of-bounds write in planar bitmap decoder allows arbitrary code execution

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. The planar bitmap decoder contains an out-of-bounds heap write vulnerability when processing RLE planar data. A remote attacker could exploit this by providing specially crafted RLE planar data, leading to an...

9.8CVSS6.5AI score0.0049EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 3 days ago8 views

CVE-2026-55827

A flaw was found in FreeRDP. FreeRDP clients using the non-default /cache:codec:rfx option are vulnerable to a heap out-of-bounds write. A malicious Remote Desktop Protocol RDP server can exploit this by manipulating desktop stride and height values during RemoteFX decoding for Cache Bitmap V3...

7.5CVSS6.4AI score0.00452EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 3 days ago8 views

CVE-2026-57156

A flaw was found in FreeRDP clients. A remote attacker, acting as a malicious Remote Desktop Protocol RDP peer, could exploit an integer overflow vulnerability. This overflow occurs when the client processes a specially crafted RDP message, leading to the allocation of an undersized memory buffer...

8.8CVSS6.5AI score0.00528EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 3 days ago7 views

CVE-2026-57158

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. FreeRDP clients using the Graphics GFX pipeline are vulnerable to an out-of-bounds read. A malicious RDP server can exploit this by sending a specially crafted, truncated RDPGFXCMDIDWIRETOSURFACE1 planar payloa...

5.4CVSS6AI score0.00528EPSS
Exploits1References7
NVD
NVD
added 3 days ago5 views

CVE-2026-57158

FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, FreeRDP clients using the GFX pipeline contain an incomplete fix for CVE-2026-23530 in planardecompressplanerleonly in libfreerdp/codec/planar.c, allowing a malicious RDP server to send a truncated...

9.1CVSS0.00528EPSS
Exploits1References4
NVD
NVD
added 3 days ago5 views

CVE-2026-57157

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0, FreeRDP server implementations with the MS-RDPECAM camera device enumerator channel enabled scan attacker-supplied DeviceName and VirtualChannelName fields for a NUL terminator in...

6.5CVSS0.00522EPSS
Exploits1References6
NVD
NVD
added 3 days ago5 views

CVE-2026-55827

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP clients launched with the non-default /cache:codec:rfx option pass desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data while allocating bitmap-data only for the smaller DstWidth and...

8.8CVSS0.00452EPSS
Exploits1References4
CVE
CVE
added 3 days ago16 views

CVE-2026-57156

CVE-2026-57156 affects FreeRDP prior to 3.28.0 on 32-bit builds. An integer overflow in update_read_delta_points (multiplying an attacker-controlled point count by sizeof(DELTA_POINT)) can cause the client to allocate an undersized heap buffer and write beyond it during initialization. This yield...

8.6CVSS6.2AI score0.00528EPSS
Exploits0References4
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-57156 FreeRDP: Integer overflow leading to heap buffer overflow in Orders Delta Points parsing

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0 on 32-bit builds, FreeRDP clients contain an integer overflow in updatereaddeltapoints in libfreerdp/core/orders.c when multiplying an attacker-controlled point count by sizeofDELTAPOINT, allowing a malicious RDP pee...

8.6CVSS0.00528EPSS
Exploits0References4
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43006

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0, FreeRDP server implementations with the MS-RDPECAM camera device enumerator channel enabled scan attacker-supplied DeviceName and VirtualChannelName fields for a NUL terminator in...

6.5CVSS6.1AI score0.00522EPSS
Exploits1References6
CVE
CVE
added 3 days ago11 views

CVE-2026-57157

FreeRDP (server implementations with the MS-RDPECAM camera device enumerator channel enabled) is affected prior to 3.28.0. Attackers can cause a 1- to 2-byte out-of-bounds heap read by scanning attacker-supplied DeviceName and VirtualChannelName fields and dereferencing beyond the scanned bound i...

6.5CVSS6.1AI score0.00522EPSS
Exploits1References6Affected Software1
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43004

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP clients launched with the non-default /cache:codec:rfx option pass desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data while allocating bitmap-data only for the smaller DstWidth and...

7.5CVSS6.1AI score0.00452EPSS
Exploits1References4
AlpineLinux
AlpineLinux
added 3 days ago6 views

CVE-2026-55827

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP clients launched with the non-default /cache:codec:rfx option pass desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data while allocating bitmap-data only for the smaller DstWidth and...

7.5CVSS6.1AI score0.00452EPSS
Exploits1
Cvelist
Cvelist
added 3 days ago29 views

CVE-2026-55827 FreeRDP: Heap out-of-bounds write in RemoteFX (RFX) Cache Bitmap V3 decode

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP clients launched with the non-default /cache:codec:rfx option pass desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data while allocating bitmap-data only for the smaller DstWidth and...

7.5CVSS0.00452EPSS
Exploits1References4
CVE
CVE
added 3 days ago19 views

CVE-2026-55827

CVE-2026-55827 affects FreeRDP prior to 3.27.1. When clients start with the non-default /cache:codec:rfx option, FreeRDP passes desktop stride/height to RemoteFX decoding for Cache Bitmap V3 data and allocates bitmap->data only for the smaller DstWidth/DstHeight in gdi_Bitmap_Decompress, enabl...

8.8CVSS6.1AI score0.00452EPSS
Exploits1References4Affected Software1
Rockylinux
Rockylinux
added 3 days ago3 views

freerdp security update

An update is available for freerdp. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released...

9.8CVSS6.5AI score0.0049EPSS
Exploits1
RedhatCVE
RedhatCVE
added 4 days ago7 views

CVE-2026-56297

A flaw was found in FreeRDP. A malicious Remote Desktop Protocol RDP server can exploit a use-after-free vulnerability due to improper synchronization of channel callback access. By sending DYNVCDATA and DYNVCCLOSE messages concurrently, a race condition can be triggered in the drdynvc client...

8.3CVSS6.5AI score0.00281EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 4 days ago4 views

Important: Red Hat Security Advisory: freerdp security update

An update for freerdp is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

9.8CVSS6.6AI score0.0049EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 4 days ago4 views

freerdp: FreeRDP: Out-of-bounds write in planar bitmap decoder allows arbitrary code execution

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. The planar bitmap decoder contains an out-of-bounds heap write vulnerability when processing RLE planar data. A remote attacker could exploit this by providing specially crafted RLE planar data, leading to an...

9.8CVSS6.6AI score0.0049EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 4 days ago5 views

Linux Distros Unpatched Vulnerability : CVE-2026-56297

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP before 3.22.0 contains a use-after-free vulnerability in dvcmanchannelclose and dvcmancallonreceive due to improper synchronization of channelcallback...

8.3CVSS6.5AI score0.00281EPSS
Exploits1References4
Rows per page
Query Builder