2534 matches found
UBUNTU-CVE-2026-23884
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves gdi-drawing pointing to freed memory, causing UAF when related update packets arrive. A malicious server can trigger a client‑side use after free, causing a crash DoS and...
CVE-2026-23884 Heap-use-after-free in gdi_set_bounds
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves gdi-drawing pointing to freed memory, causing UAF when related update packets arrive. A malicious server can trigger a client‑side use after free, causing a crash DoS and...
CVE-2026-23884
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves gdi-drawing pointing to freed memory, causing UAF when related update packets arrive. A malicious server can trigger a client‑side use after free, causing a crash DoS and...
EUVD-2026-3310
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves gdi-drawing pointing to freed memory, causing UAF when related update packets arrive. A malicious server can trigger a client‑side use after free, causing a crash DoS and...
CVE-2026-23884
Summary: CVE-2026-23884 affects FreeRDP prior to 3.21.0, where offscreen bitmap deletion can leave gdi->drawing pointing to freed memory, enabling a client-side use-after-free that may crash the client (DoS) and cause heap corruption depending on allocator/heap layout. The issue is addressed i...
CVE-2026-23884
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves gdi-drawing pointing to freed memory, causing UAF when related update packets arrive. A malicious server can trigger a client‑side use after free, causing a crash DoS and...
CVE-2026-23884 Heap-use-after-free in gdi_set_bounds
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves gdi-drawing pointing to freed memory, causing UAF when related update packets arrive. A malicious server can trigger a client‑side use after free, causing a crash DoS and...
poppler: Out-of-Bounds Read in Poppler
A flaw was found in Poppler. This vulnerability allows out-of-bounds reads via crafted input files that trigger the JBIG2Bitmap::combine function due to a misplaced isOk check...
poppler: Out-of-Bounds Read in Poppler
A flaw was found in Poppler. This vulnerability allows out-of-bounds reads via crafted input files that trigger the JBIG2Bitmap::combine function due to a misplaced isOk check...
poppler: Out-of-Bounds Read in Poppler
A flaw was found in Poppler. This vulnerability allows out-of-bounds reads via crafted input files that trigger the JBIG2Bitmap::combine function due to a misplaced isOk check...
FreeRDP resource management error vulnerability
FreeRDP is an open-source RDP protocol implementation developed by the FreeRDP team. Versions of FreeRDP prior to 3.21.0 contained a resource management vulnerability. This vulnerability occurred when, after deleting the screen extents bitmap, the gdi-drawing mechanism still pointed to freed...
ROS-20260119-7323
A vulnerability in the drivers/iommu/iommufd/iovabitmap.c component of the Linux operating system kernel is related to reading outside the allowed data buffer boundaries. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
FreeRDP security vulnerabilities
FreeRDP is an open-source RDP protocol implementation developed by the FreeRDP team. Versions of FreeRDP prior to 3.21.0 contained security vulnerabilities. These vulnerabilities stemmed from the freerdpbitmapdecompressplanar function, which did not validate the nSrcWidth and nSrcHeight parameter...
ROS-20260119-7316
A vulnerability in the md/md-bitmap component of the Linux operating system kernel is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
Linux Distros Unpatched Vulnerability : CVE-2026-23884
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves gdi-drawing pointing to freed memory,...
OESA-2026-1115 gimp security update
The GIMP is an image composition and editing program, which can be used for creating logos and other graphics for Web pages. The GIMP offers many tools and filters, and provides a large image manipulation toolbox, including channel operations and layers, effects, subpixel imaging and antialiasing...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000650)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000650 advisory. The nfs4getacluncached function in fs/nfs/nfs4proc.c in the NFSv4 implementation in the Linux kernel before 3.3.2 uses an incorrect length variable during a copy...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000655)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000655 advisory. The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial ...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004308)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004308 advisory. An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions o...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004225)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004225 advisory. A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security...