2534 matches found
freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...
Electron 代码问题漏洞
Electron is an open-source JavaScript framework developed by users for creating cross-platform desktop applications. This framework is based on Node.js and Chromium, allowing the development of cross-platform desktop applications using HTML and CSS. There were code-related vulnerabilities in...
freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...
Medium: freerdp
Issue Overview: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap buffer overflow occurs in the FreeRDP client's AVC420/AVC444 YUV-to-RGB conversion path due to missing horizontal bounds validation of H.264 metablock regionRects coordinates. In...
Amazon Linux 2023 : freerdp, freerdp-devel, freerdp-libs (ALAS2023-2026-1520)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1520 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap buffer overflow occurs in the FreeRDP client's AVC420/AVC444 YUV-to-RGB conversion path due...
EUVD-2026-17235
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in persistentcachereadentryv3 in libfreerdp/cache/persistent.c, persistent-bmpSize is updated before winpralignedrecalloc. If realloc fails, bmpSize is inflated while bmpData points to the old buffer. This...
EUVD-2026-17089
BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Browsing Target GETFOLDERITEMS handler that fails to validate packet boundaries and attribute count data. An attacker with a paired Bluetooth Classic connection can exploit insufficient bounds...
CVE-2026-28528
BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Browsing Target GETFOLDERITEMS handler that fails to validate packet boundaries and attribute count data. An attacker with a paired Bluetooth Classic connection can exploit insufficient bounds...
PT-2026-29027
BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Browsing Target GET FOLDER ITEMS handler that fails to validate packet boundaries and attribute count data. An attacker with a paired Bluetooth Classic connection can exploit insufficient bounds...
CVE-2026-33987
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in persistentcachereadentryv3 in libfreerdp/cache/persistent.c, persistent-bmpSize is updated before winpralignedrecalloc. If realloc fails, bmpSize is inflated while bmpData points to the old buffer. This...
OESA-2026-1716 freerdp security update
FreeRDP is a client implementation of the Remote Desktop Protocol RDP that follows Microsoft's open specifications. This package provides the client applications xfreerdp. Security Fixes: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, Integer Underflow in...
CLSA-2026-1774438942 freerdp: Fix of 3 CVEs
CVE-2026-29774: heap buffer overflow in H.264 AVC420/AVC444 YUV-to-RGB conversion - CVE-2026-31884: division by zero in ADPCM decoders when nBlockAlign is 0 - CVE-2026-29775: off-by-one in bitmapcacheput...
Siemens SIMATIC S7-1500 NULL Pointer Dereference (CVE-2025-38100)
In the Linux kernel, the following vulnerability has been resolved: x86/iopl: Cure TIFIOBITMAP inconsistencies iobitmapexit is invoked from exitthread when a task exists or when a fork fails. In the latter case the exitthread cleans up resources which were allocated during fork. iobitmapexit...
Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2025-38451)
In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix GPF in bitmapgetstats The commit message of commit 6ec1f0239485 md/md-bitmap: fix stats collection for external bitmaps states: Remove the external bitmap check as the statistics should be available regardless o...
Advisory ROSA-SA-2026-3216
software: libpng 1.6.53 WASP: ROSA-CHROME unaffected versions = libpng-1.6.53-1 affected versions libpng-1.6.53-1 CVE-ID: CVE-2025-64505 BDU-ID: 2026-02923 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the pngdoquantize function of the pngrtran.c component of the PNG Libpng bitmap graphics libra...
EUVD-2019-19874
PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying a malformed image file. Attackers can trigger the vulnerability through the Create SC feature by selecting a crafted BMP file with an oversized buffer, causing the...
CVE-2019-25563
PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying a malformed image file. Attackers can trigger the vulnerability through the Create SC feature by selecting a crafted BMP file with an oversized buffer, causing the...
CVE-2019-25563 PCHelpWareV2 1.0.0.5 Denial of Service via SC Creation
PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying a malformed image file. Attackers can trigger the vulnerability through the Create SC feature by selecting a crafted BMP file with an oversized buffer, causing the...
CVE-2019-25563 PCHelpWareV2 1.0.0.5 Denial of Service via SC Creation
PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying a malformed image file. Attackers can trigger the vulnerability through the Create SC feature by selecting a crafted BMP file with an oversized buffer, causing the...
CVE-2019-25563
CVE-2019-25563 affects PCHelpWareV2 1.0.0.5. The vulnerability arises in the Create SC feature when a crafted BMP image with an oversized buffer is processed, enabling a local attacker to crash the application (denial of service). The impact is an availability degradation on the affected host. Th...