18 matches found
freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...
freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...
freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...
freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...
freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...
freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...
freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...
freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...
freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...
freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...
freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...
freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...
SUSE CVE-2026-31806
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, the gdisurfacebits function processes SURFACEBITSCOMMAND messages sent by the RDP server. When the command is handled using NSCodec, the bmp.width and bmp.height values provided by the server are not properly...
CVE-2026-31806
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, the gdisurfacebits function processes SURFACEBITSCOMMAND messages sent by the RDP server. When the command is handled using NSCodec, the bmp.width and bmp.height values provided by the server are not properly...
CVE-2026-31806 FreeRDP has a Heap Buffer Overflow in nsc_process_message() via Unchecked SURFACE_BITS_COMMAND Bitmap Dimensions
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, the gdisurfacebits function processes SURFACEBITSCOMMAND messages sent by the RDP server. When the command is handled using NSCodec, the bmp.width and bmp.height values provided by the server are not properly...
CVE-2026-31806
Summary: CVE-2026-31806 affects FreeRDP prior to 3.24.0, where the gdi_surface_bits() handler (NSCodec path) can process SURFACE_BITS_COMMAND messages with unsafe bmp.width/bmp.height values, enabling a heap buffer overflow by crafting server data. The issue arises when width/height are not prope...
CVE-2026-31806 FreeRDP has a Heap Buffer Overflow in nsc_process_message() via Unchecked SURFACE_BITS_COMMAND Bitmap Dimensions
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, the gdisurfacebits function processes SURFACEBITSCOMMAND messages sent by the RDP server. When the command is handled using NSCodec, the bmp.width and bmp.height values provided by the server are not properly...
CVE-2026-31806
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, the gdisurfacebits function processes SURFACEBITSCOMMAND messages sent by the RDP server. When the command is handled using NSCodec, the bmp.width and bmp.height values provided by the server are not properly...