2158 matches found
DEBIAN-CVE-2026-40033
FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16MAX but performs copy operations using unclamped cache entry...
CVE-2026-40033
FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16MAX but performs copy operations using unclamped cache entry...
CVE-2026-40033
FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16MAX but performs copy operations using unclamped cache entry...
CVE-2026-40033
FreeRDP before 3.26.0 is affected by a heap-buffer-overflow in gdi_CacheToSurface. The issue stems from rectangle validation clamping coordinates to UINT16_MAX while copy operations use unclamped cache entry dimensions, enabling a malicious RDP server to trigger large out-of-bounds writes and pot...
CVE-2026-40033 FreeRDP - Heap-buffer-overflow in gdi_CacheToSurface via rectangle validation bypass
FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16MAX but performs copy operations using unclamped cache entry...
CVE-2026-40033
FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16MAX but performs copy operations using unclamped cache entry...
EUVD-2026-31830
FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16MAX but performs copy operations using unclamped cache entry...
CVE-2026-40033
FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16MAX but performs copy operations using unclamped cache entry...
CVE-2026-40033 FreeRDP - Heap-buffer-overflow in gdi_CacheToSurface via rectangle validation bypass
FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16MAX but performs copy operations using unclamped cache entry...
FreeRDP 安全漏洞
FreeRDP is an open-source implementation of the Remote Desktop Protocol RDP by the FreeRDP team. Versions of FreeRDP prior to 3.26.0 contained security vulnerabilities. These vulnerabilities stemmed from a heap buffer overflow in the gdiCacheToSurface function, which could allow remote attackers ...
Astra Linux – Vulnerability in freerdp2
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The affected versions are subject to an IntegerOverflow issue, which leads to an Out-of-Bound Write Vulnerability in the gdiCreateSurface function. This issue only affects FreeRDP-based clients...
May 2026 Patch Tuesday: no zero-days but plenty to fix
This month’s Patch Tuesday remedies 137 security vulnerabilities, including 31 marked critical by Microsoft, with no zero-days actively exploited in the wild. Microsoft defines a zero-day as “a flaw in software for which no official patch or security update is available yet.” This month, Microsof...
CVE-2026-35421
Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally...
CVE-2026-35421 Windows GDI Remote Code Execution Vulnerability
...
Microsoft Windows GDI 安全漏洞
Microsoft Windows GDI is a core underlying standard interface within the Windows operating system developed by Microsoft, responsible for drawing graphical objects on the screen or printer, managing fonts, and processing images. There are security vulnerabilities in Microsoft Windows GDI. Attacke...
freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...
freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...
freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...
OESA-2026-2040 freerdp security update
FreeRDP is a client implementation of the Remote Desktop Protocol RDP that follows Microsoft's open specifications. This package provides the client applications xfreerdp. Security Fixes: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP...
OESA-2026-2039 freerdp security update
FreeRDP is a client implementation of the Remote Desktop Protocol RDP that follows Microsoft's open specifications. This package provides the client applications xfreerdp. Security Fixes: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP...