18232 matches found
CVE-2026-44421 FreeRDP RDPGFX CacheToSurface heap-buffer-overflow via clamped-rectangle validation bypass
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdi_CacheToSurface: it validates a destination rectangle that is clamped to UINT16_MA...
CVE-2026-44421
CVE-2026-44421 affects FreeRDP prior to 3.26.0. A malicious RDP server can trigger a heap-buffer-overflow in the client via crafted RDPGFX PDUs in gdi_CacheToSurface, by validating a destination rectangle clamped to UINT16_MAX but copying using the original cacheEntry->width/height, causing a ...
EUVD-2026-30842
ExifReader is vulnerable to denial of service via unbounded decompression of image metadata...
drm/amdgpu/vcn4: Prevent OOB reads when parsing IB
...
drm/amdkfd: validate SVM ioctl nattr against buffer size
...
drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs()
...
[SECURITY] Fedora 44 Update: libpng-1.6.58-1.fc44
The libpng package contains a library of functions for creating and manipulating PNG Portable Network Graphics image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng...
EUVD-2026-33116
Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
EUVD-2026-33085
Out of bounds read in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...
EUVD-2026-33084
Uninitialized Use in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...
EUVD-2026-33095
Out of bounds read in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...
EUVD-2026-33078
Use after free in GFX in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
EUVD-2026-33219
Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
EUVD-2026-33215
Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...
EUVD-2026-33199
Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
EUVD-2026-33201
Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
EUVD-2026-33224
Inappropriate implementation in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...
EUVD-2026-33209
Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
EUVD-2026-33207
Inappropriate implementation in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...