Lucene search
K

6 matches found

Redos
Redos
added 2026/06/11 12:0 a.m.7 views

ROS-20260611-73-0021

The vulnerability of the gdisetbounds function in the RDP client of FreeRDP is related to the possibility of using memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code and cause service failure...

9.8CVSS6AI score0.00402EPSS
Exploits1
Redos
Redos
added 2026/06/11 12:0 a.m.7 views

ROS-20260611-73-0022

The vulnerability of the gdisetbounds function in the RDP client of FreeRDP is related to the possibility of using memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code and cause service failure...

9.8CVSS6AI score0.00402EPSS
Exploits1
SUSE Linux
SUSE Linux
added 2026/03/03 12:40 p.m.5 views

Security update for freerdp

This update for freerdp fixes the following issues: CVE-2026-22855: heap-buffer-overflow in smartcardunpacksetattribcall bsc1256721. CVE-2026-22857: heap-use-after-free in irpthreadfunc bsc1256723. CVE-2026-23533: improper validation can lead to heap buffer overflow in cleardecompressresidualdata...

7.7CVSS6.1AI score0.00756EPSS
Exploits6References24
OSV
OSV
added 2026/01/19 5:20 p.m.5 views

CVE-2026-23884 Heap-use-after-free in gdi_set_bounds

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves gdi-drawing pointing to freed memory, causing UAF when related update packets arrive. A malicious server can trigger a client‑side use after free, causing a crash DoS and...

8.7CVSS5.9AI score0.00402EPSS
Exploits1References22
Cvelist
Cvelist
added 2026/01/19 5:20 p.m.22 views

CVE-2026-23884 Heap-use-after-free in gdi_set_bounds

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves gdi-drawing pointing to freed memory, causing UAF when related update packets arrive. A malicious server can trigger a client‑side use after free, causing a crash DoS and...

8.7CVSS0.00402EPSS
Exploits1References4
CVE
CVE
added 2026/01/19 5:20 p.m.30 views

CVE-2026-23884

Summary: CVE-2026-23884 affects FreeRDP prior to 3.21.0, where offscreen bitmap deletion can leave gdi->drawing pointing to freed memory, enabling a client-side use-after-free that may crash the client (DoS) and cause heap corruption depending on allocator/heap layout. The issue is addressed i...

9.8CVSS5.6AI score0.00402EPSS
Exploits1References20Affected Software1
Rows per page
Query Builder