Lucene search
K

4 matches found

OSV
OSV
added 2026/05/29 8:16 p.m.8 views

UBUNTU-CVE-2026-44421

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdiCacheToSurface: it validates a destination rectangle that is clamped to UINT16MA...

8.8CVSS5.9AI score0.0042EPSS
Exploits1References3
NVD
NVD
added 2026/05/26 3:16 p.m.18 views

CVE-2026-40033

FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16MAX but performs copy operations using unclamped cache entry...

8.8CVSS0.00808EPSS
Exploits1References8
EUVD
EUVD
added 2026/05/26 2:8 p.m.12 views

EUVD-2026-31830

FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16MAX but performs copy operations using unclamped cache entry...

8.8CVSS6.5AI score0.00808EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/26 2:8 p.m.50 views

CVE-2026-40033 FreeRDP - Heap-buffer-overflow in gdi_CacheToSurface via rectangle validation bypass

FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16MAX but performs copy operations using unclamped cache entry...

8.8CVSS0.00808EPSS
Exploits1References4
Rows per page
Query Builder