Lucene search
K

2158 matches found

OSV
OSV
added 2026/05/26 3:16 p.m.8 views

DEBIAN-CVE-2026-40033

FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16MAX but performs copy operations using unclamped cache entry...

8.7CVSS6.4AI score0.00827EPSS
Exploits1References1
NVD
NVD
added 2026/05/26 3:16 p.m.18 views

CVE-2026-40033

FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16MAX but performs copy operations using unclamped cache entry...

8.8CVSS0.00827EPSS
Exploits1References8
UbuntuCve
UbuntuCve
added 2026/05/26 3:16 p.m.11 views

CVE-2026-40033

FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16MAX but performs copy operations using unclamped cache entry...

8.8CVSS6.4AI score0.00827EPSS
Exploits1References4
CVE
CVE
added 2026/05/26 2:8 p.m.58 views

CVE-2026-40033

FreeRDP before 3.26.0 is affected by a heap-buffer-overflow in gdi_CacheToSurface. The issue stems from rectangle validation clamping coordinates to UINT16_MAX while copy operations use unclamped cache entry dimensions, enabling a malicious RDP server to trigger large out-of-bounds writes and pot...

8.8CVSS6.5AI score0.00827EPSS
Exploits1References8Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/26 2:8 p.m.11 views

CVE-2026-40033 FreeRDP - Heap-buffer-overflow in gdi_CacheToSurface via rectangle validation bypass

FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16MAX but performs copy operations using unclamped cache entry...

8.8CVSS6.5AI score0.00827EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/05/26 2:8 p.m.12 views

CVE-2026-40033

FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16MAX but performs copy operations using unclamped cache entry...

8.8CVSS6.5AI score0.00827EPSS
Exploits1References4
EUVD
EUVD
added 2026/05/26 2:8 p.m.12 views

EUVD-2026-31830

FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16MAX but performs copy operations using unclamped cache entry...

8.8CVSS6.5AI score0.00827EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/05/26 2:8 p.m.18 views

CVE-2026-40033

FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16MAX but performs copy operations using unclamped cache entry...

8.8CVSS6.5AI score0.00827EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/26 2:8 p.m.54 views

CVE-2026-40033 FreeRDP - Heap-buffer-overflow in gdi_CacheToSurface via rectangle validation bypass

FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16MAX but performs copy operations using unclamped cache entry...

8.8CVSS0.00827EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

FreeRDP 安全漏洞

FreeRDP is an open-source implementation of the Remote Desktop Protocol RDP by the FreeRDP team. Versions of FreeRDP prior to 3.26.0 contained security vulnerabilities. These vulnerabilities stemmed from a heap buffer overflow in the gdiCacheToSurface function, which could allow remote attackers ...

8.8CVSS6.5AI score0.00827EPSS
Exploits1References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The affected versions are subject to an IntegerOverflow issue, which leads to an Out-of-Bound Write Vulnerability in the gdiCreateSurface function. This issue only affects FreeRDP-based clients...

9.8CVSS7.2AI score0.01147EPSS
Exploits1References2
Malwarebytes
Malwarebytes
added 2026/05/13 11:0 a.m.19 views

May 2026 Patch Tuesday: no zero-days but plenty to fix

This month’s Patch Tuesday remedies 137 security vulnerabilities, including 31 marked critical by Microsoft, with no zero-days actively exploited in the wild. Microsoft defines a zero-day as “a flaw in software for which no official patch or security update is available yet.” This month, Microsof...

8.4CVSS7AI score0.00605EPSS
Exploits0
NVD
NVD
added 2026/05/12 6:17 p.m.8 views

CVE-2026-35421

Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally...

7.8CVSS0.00532EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 4:58 p.m.47 views

CVE-2026-35421 Windows GDI Remote Code Execution Vulnerability

...

7.8CVSS0.00532EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Microsoft Windows GDI 安全漏洞

Microsoft Windows GDI is a core underlying standard interface within the Windows operating system developed by Microsoft, responsible for drawing graphical objects on the screen or printer, managing fonts, and processing images. There are security vulnerabilities in Microsoft Windows GDI. Attacke...

7.8CVSS6AI score0.00532EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/04/28 6:49 a.m.6 views

freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...

9.8CVSS6.3AI score0.00656EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/04/27 2:55 p.m.9 views

freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...

9.8CVSS5.5AI score0.00656EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/04/27 5:41 a.m.9 views

freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...

9.8CVSS6.3AI score0.00656EPSS
Exploits1References6
OSV
OSV
added 2026/04/25 5:48 a.m.4 views

OESA-2026-2040 freerdp security update

FreeRDP is a client implementation of the Remote Desktop Protocol RDP that follows Microsoft's open specifications. This package provides the client applications xfreerdp. Security Fixes: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP...

9.8CVSS7.2AI score0.00656EPSS
Exploits5References8
OSV
OSV
added 2026/04/25 5:48 a.m.10 views

OESA-2026-2039 freerdp security update

FreeRDP is a client implementation of the Remote Desktop Protocol RDP that follows Microsoft's open specifications. This package provides the client applications xfreerdp. Security Fixes: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP...

9.8CVSS7.2AI score0.00656EPSS
Exploits5References8
Rows per page
Query Builder