CVE-2026-23884

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A malicious server can exploit this vulnerability when a client connects to it. Specifically, offscreen bitmap deletion can lead to a use-after-free UAF condition, where the client attempts to use memory that has...

CVE-2026-23884

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves gdi-drawing pointing to freed memory, causing UAF when related update packets arrive. A malicious server can trigger a client‑side use after free, causing a crash DoS and...

CVE-2026-23884

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves gdi-drawing pointing to freed memory, causing UAF when related update packets arrive. A malicious server can trigger a client‑side use after free, causing a crash DoS and...

FreeRDP resource management error vulnerability

FreeRDP is an open-source RDP protocol implementation developed by the FreeRDP team. Versions of FreeRDP prior to 3.21.0 contained a resource management vulnerability. This vulnerability occurred when, after deleting the screen extents bitmap, the gdi-drawing mechanism still pointed to freed...

PT-2026-3467

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.21.0 Description FreeRDP, a free implementation of the Remote Desktop Protocol, contains a flaw where offscreen bitmap deletion results in the gdi-drawing pointer referencing freed memory. This creates a...