22 matches found
Astra Linux – Vulnerability in freerdp2
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The affected versions are vulnerable to an Out-of-Bounds Write attack in the cleardecompressbandsdata function, where there is no offset validation. Abuse of this vulnerability could lead to an...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-007208)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007208 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audinserverrecvformats frees an incorrect number of audio formats on parse failure ...
CVE-2026-31883
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a sizet underflow in the IMA-ADPCM and MS-ADPCM audio decoders leads to heap-buffer-overflow write via the RDPSND audio channel. In libfreerdp/codec/dsp.c, the IMA-ADPCM and MS-ADPCM decoders subtract block header...
CVE-2026-29776
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, Integer Underflow in updatereadcachebitmaporder Function of FreeRDP's Core Library This vulnerability is fixed in 3.24.0...
CVE-2026-25955
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfAppUpdateWindowFromSurface reuses a cached XImage whose data pointer references a freed RDPGFX surface buffer, because gdiDeleteSurface frees surface-data without invalidating the appWindow-image that...
CVE-2026-25941
FreeRDP (versions 2.x < 2.11.8 and 3.x
SUSE CVE-2026-23948
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdpwritelogoninfov2 allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0. This vulnerability...
CVE-2026-23948
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdpwritelogoninfov2 allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0. This vulnerability...
CVE-2026-24678 FreeRDP has a Heap-use-after-free in cam_v4l_stream_capture_thread
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, A capture thread sends sample responses using a freed channel callback after a device channel close, leading to a use after free in ecamchannelwrite. This vulnerability is fixed in 3.22.0...
CVE-2026-24676
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, AUDIN format renegotiation frees the active format list while the capture thread continues using audin-format, leading to a use after free in audioformatcompatible. This vulnerability is fixed in 3.22.0...
UBUNTU-CVE-2026-22857
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irpthreadfunc because the IRP is freed by irp-Complete and then accessed again on the error path. This vulnerability is fixed in 3.20.1...
CVE-2026-22855
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length. This vulnerability is fixed in 3.20.1...
FreeRDP 资源管理错误漏洞
FreeRDP is an open source implementation of the Remote Desktop Protocol RDP by the FreeRDP team. A resource management error vulnerability exists in FreeRDP versions prior to 3.20.1, which originates in irpthreadfunc, where the IRP is released by irp-Complete and then accessed on the wrong path,...
Linux Distros Unpatched Vulnerability : CVE-2025-68118
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.0, a vulnerability exists in FreeRDP's certificate handling code on Windo...
DEBIAN-CVE-2024-32459
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available...
DEBIAN-CVE-2023-39354
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the nscrledecompressdata function. The Out-Of-Bounds Read occurs because it processes context-Planes without checking if it contains da...
freerdp: Out-of-bounds read in security_fips_decrypt in libfreerdp/core/security.c
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds OOB read vulnerability has been detected in securityfipsdecrypt in libfreerdp/core/security.c due to an uninitialized value...
The vulnerability of the FreeRDP remote desktop protocol lies in its ability to read data beyond the specified buffer, allowing a malicious actor to cause a service failure.
The vulnerability of the FreeRDP remote desktop protocol exists due to the reading of data beyond the specified buffer. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
DEBIAN-CVE-2020-13398
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds OOB write vulnerability has been detected in cryptorsacommon in libfreerdp/crypto/crypto.c...
FreeRDP Buffer Overflow Vulnerability (CNVD-2020-29359)
FreeRDP is an open source implementation of the Remote Desktop Protocol RDP from the FreeRDP team. FreeRDP Buffer Overflow Vulnerability. The vulnerability stems from a networked system or product performing operations in memory without properly validating data boundaries, resulting in incorrect...