1844 matches found
CVE-2026-57158
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. FreeRDP clients using the Graphics GFX pipeline are vulnerable to an out-of-bounds read. A malicious RDP server can exploit this by sending a specially crafted, truncated RDPGFXCMDIDWIRETOSURFACE1 planar payloa...
CVE-2026-57157
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0, FreeRDP server implementations with the MS-RDPECAM camera device enumerator channel enabled scan attacker-supplied DeviceName and VirtualChannelName fields for a NUL terminator in...
EUVD-2026-43006
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0, FreeRDP server implementations with the MS-RDPECAM camera device enumerator channel enabled scan attacker-supplied DeviceName and VirtualChannelName fields for a NUL terminator in...
CVE-2026-57158
FreeRDP (Remote Desktop Protocol client) is affected in versions 3.21.0 through 3.27.x where the GFX pipeline’s planar_decompress_plane_rle_only fix is incomplete, allowing a malicious RDP server to send a truncated RDPGFX_CMDID_WIRETOSURFACE_1 planar payload that may read one byte past the input...
EUVD-2026-43004
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP clients launched with the non-default /cache:codec:rfx option pass desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data while allocating bitmap-data only for the smaller DstWidth and...
CVE-2026-55827
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP clients launched with the non-default /cache:codec:rfx option pass desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data while allocating bitmap-data only for the smaller DstWidth and...
freerdp: FreeRDP: Out-of-bounds write in planar bitmap decoder allows arbitrary code execution
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. The planar bitmap decoder contains an out-of-bounds heap write vulnerability when processing RLE planar data. A remote attacker could exploit this by providing specially crafted RLE planar data, leading to an...
Oracle Linux 9 : freerdp (ELSA-2026-19349)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19349 advisory. - Lock appWindow to fix use-after-free in RAIL mode CVE-2026-25952 Resolves: RHEL-159860 - Fix double free in xfrailwindowcommon cleanup CVE-2026-2698...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, in the RLE planar decode process, planardecompressplanerle wrote into pDstData at nYDst+y nDstStep + 4nXDst + nChannel, without verifying that nYDst+nSrcHeight fits within the destination height or that...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.0, division by zero occurred in MS-ADPCM and IMA-ADPCM decoders when nBlockAlign was 0, resulting in a crash. In libfreerdp/codec/dsp.c, both ADPCM decoders use size % blocksize, where blocksize =...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated authlength field read from the network triggered a WINPRASSERT failure in rtsreadauthverifiernochecks, causing any FreeRDP client connecting through a malicious RDP Gateway to crash with...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.0, a underflow of the sizet variable in the IMA-ADPCM and MS-ADPCM audio decoders led to a heap-buffer-overflow issue through the RDPSND audio channel. In libfreerdp/codec/dsp.c, the IMA-ADPCM and MS-ADPCM...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, xfPointerNew would free cursorPixels if there was a failure. After that, pointerfree would call xfPointerFree to free it again, which could trigger an ASan UAF. A malicious server could exploit this...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. The ainputsendinputevent function caches the channelcallback in a local variable and then uses it without synchronization. A concurrent closure of a channel can free or reinitialize the callback, resulting in an use-after-free...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in the resizevbarentry function in libfreerdp/codec/clear.c, vBarEntry-size was updated to vBarEntry-count before the winpralignedrecalloc call. If the realloc call fails, the size is inflated, and the pixel...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, there was a heap-buffer-overflow vulnerability at 24 bytes before the allocation, in the function winpralignedoffsetrecalloc. This issue has been fixed in version 3.24.2...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP server could trigger a heap buffer overflow in FreeRDP clients by using the GDI surface pipeline e.g., xfreerdp to send an RDPGFX ClearCodec surface command with an out-of-bounds destination...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfAppUpdateWindowFromSurface reused a cached XImage, where the data pointer referred to an RDPGFX surface buffer that had been freed. This was because gdiDeleteSurface freed surface-data without invalidating...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.1, a heap out-of-bounds read occurred in the smartcard SetAttrib path when cbAttrLen did not match the actual NDR buffer length. This vulnerability has been fixed in version 3.20.1...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a buffer overread could occur in the freerdpimagecopyfromicondata function libfreerdp/codec/color.c, due to malicious RDP window icon TSICONINFO data. This bug could be exploited over the network when a clie...