Lucene search
K

351 matches found

RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-56297

A flaw was found in FreeRDP. A malicious Remote Desktop Protocol RDP server can exploit a use-after-free vulnerability due to improper synchronization of channel callback access. By sending DYNVCDATA and DYNVCCLOSE messages concurrently, a race condition can be triggered in the drdynvc client...

8.3CVSS6.5AI score0.00262EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-42255

FreeRDP before 3.22.0 contains a use-after-free vulnerability in dvcmanchannelclose and dvcmancallonreceive due to improper synchronization of channelcallback access. A malicious RDP server can trigger a race condition by sending DYNVCDATA and DYNVCCLOSE messages concurrently, causing...

8.3CVSS6.6AI score0.00262EPSS
Exploits0References2
CVE
CVE
added 2 days ago10 views

CVE-2026-56297

FreeRDP

8.3CVSS6.6AI score0.00262EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 3 days ago5 views

freerdp: FreeRDP: Remote code execution via heap-buffer-overflow in gdi_CacheToSurface

A flaw was found in FreeRDP.If a user connects to a malicious Remote Desktop RDP server, a security flaw in FreeRDP could cause the application to crash or allow the server to run unauthorized code on the user's system...

8.8CVSS7.3AI score0.00827EPSS
Exploits1References7
Redos
Redos
added 3 days ago5 views

ROS-20260707-73-0014

The vulnerability of the gdiCacheToSurface function in the RDP client FreeRDP is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code and cause a service failure by sending specially crafted RDPGFX packets...

8.8CVSS7.8AI score0.00827EPSS
Exploits1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.11 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfrailserverlocalmovesize dereferenced a freed xfAppWindow pointer because xfrailgetwindow returned an unprotected pointer from the railWindows hash table. This could allow the main thread to delete the wind...

7.5CVSS5.8AI score0.00486EPSS
Exploits1References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.0, division by zero occurred in MS-ADPCM and IMA-ADPCM decoders when nBlockAlign was 0, resulting in a crash. In libfreerdp/codec/dsp.c, both ADPCM decoders use size % blocksize, where blocksize =...

7.5CVSS5.8AI score0.00303EPSS
Exploits1References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, there was a heap-buffer-overflow vulnerability at 24 bytes before the allocation, in the function winpralignedoffsetrecalloc. This issue has been fixed in version 3.24.2...

8.1CVSS5.7AI score0.00191EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.3 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a double-free vulnerability in the functions kerberosAcceptSecurityContext and kerberosInitializeSecurityContextA located in WinPR, winpr/libwinpr/sspi/Kerberos/kerberos.c could cause crashes in any FreeRDP...

5.3CVSS5.8AI score0.00282EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.9 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.0, there was a buffer overflow vulnerability in freerdpbitmapdecompressplanar when SrcSize was 0. The function dereferences srcp which points to pSrcData without first verifying that SrcSize is greater than or...

9.1CVSS6.1AI score0.00285EPSS
Exploits1References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in the persistentcachereadentryv3 function in libfreerdp/cache/persistent.c, persistent-bmpSize was updated before winpralignedrecalloc. If realloc fails, bmpSize is inflated while bmpData points to the old...

7.1CVSS6.2AI score0.001EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfcliprdrprovidedata passed the freed pDstData to XChangeProperty. This was because the cliprdr channel thread called xfcliprdrserverformatdataresponse, which converted and used the clipboard data without...

9.8CVSS5.8AI score0.00567EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfAppUpdateWindowFromSurface read data from a freed xfAppWindow, because the RDPGFX DVC thread obtained a bare pointer via xfrailgetwindow without any lifetime protection. Meanwhile, the main thread could...

9.8CVSS5.8AI score0.00587EPSS
Exploits1References3
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. This issue only affects clients. An integer underflow can lead to a Denial of Service DOS vulnerability, for example, an abort due to WINPRASSERT with default compilation flags. When an...

7.5CVSS6.8AI score0.01385EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol. Clients that use FreeRDP versions prior to 3.5.0 or 2.11.6 and have connections to servers using the NSC codec are vulnerable to integer underflow. Versions 3.5.0 and 2.11.6 address this issue. As a workaround, do not use the NSC...

9.8CVSS7.3AI score0.01922EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.22.0, asynchronous bulk transfer operations could cause a freed channel callback to be used after the URBDRC channel was closed, resulting in a use-after-free situation in the urbwritecompletion function. This...

8.7CVSS5.3AI score0.00467EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol. Clients that use versions of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read vulnerabilities. Versions 3.5.0 and 2.11.6 address this issue. As a workaround, deactivate /gfx which is enabled by default; instead,...

9.8CVSS7.1AI score0.0195EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a buffer overread could occur in the freerdpimagecopyfromicondata function libfreerdp/codec/color.c, due to malicious RDP window icon TSICONINFO data. This bug could be exploited over the network when a clie...

6.9CVSS6.2AI score0.00242EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.7 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : FreeRDP vulnerabilities (USN-8432-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8432-1 advisory. It was discovered that FreeRDP incorrectly handled memory under certain circumstances, which could lead to...

9.8CVSS7.5AI score0.00599EPSS
Exploits4References2
Redos
Redos
added 2026/06/15 12:0 a.m.6 views

ROS-20260615-73-0014

The vulnerability of the smartcardunpackreadsizealign function libfreerdp/utils/smartcardpack.c:1703 is related to the use of the assert or similar operator in the RDP client FreeRDP. Exploiting this vulnerability may allow a remote attacker to cause the application to terminate abnormally...

6.5CVSS6.4AI score0.00256EPSS
Exploits1
Rows per page
Query Builder