3 matches found
ROS-20260611-73-0009
A vulnerability in the clear_decompress function of the RDP client FreeRDP is a buffer overflow in dynamic (heap) memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code and cause service failures...
CVE-2026-23531
Summary: CVE-2026-23531 affects FreeRDP before 3.21.0 through a flawed destination-rectangle validation in ClearCodec during RDPGFX surface updates, enabling an out-of-bounds read/write and a client-side heap buffer overflow. This can crash the client (DoS) and, depending on allocator/heap layout...
CVE-2026-23531 FreeRDP has heap-buffer-overflow in clear_decompress
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, in ClearCodec, when glyphData is present, clear_decompress calls freerdp_image_copy_no_overlap without validating the destination rectangle, allowing an out-of-bounds read/write via crafted RDPGFX surface updates...