7 matches found
ROS-20260611-73-0022
The vulnerability of the gdisetbounds function in the RDP client of FreeRDP is related to the possibility of using memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code and cause service failure...
ROS-20260611-73-0021
The vulnerability of the gdisetbounds function in the RDP client of FreeRDP is related to the possibility of using memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code and cause service failure...
Security update for freerdp
This update for freerdp fixes the following issues: CVE-2026-22855: heap-buffer-overflow in smartcardunpacksetattribcall bsc1256721. CVE-2026-22857: heap-use-after-free in irpthreadfunc bsc1256723. CVE-2026-23533: improper validation can lead to heap buffer overflow in cleardecompressresidualdata...
Vulnerability of the gdi_set_bounds() function in the RDP client of FreeRDP, allowing a hacker to execute arbitrary code and cause a service failure
The vulnerability of the gdisetbounds function in the RDP client of FreeRDP is related to the possibility of using memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code and cause service failure...
CVE-2026-23884
Summary: CVE-2026-23884 affects FreeRDP prior to 3.21.0, where offscreen bitmap deletion can leave gdi->drawing pointing to freed memory, enabling a client-side use-after-free that may crash the client (DoS) and cause heap corruption depending on allocator/heap layout. The issue is addressed i...
CVE-2026-23884 Heap-use-after-free in gdi_set_bounds
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves gdi-drawing pointing to freed memory, causing UAF when related update packets arrive. A malicious server can trigger a client‑side use after free, causing a crash DoS and...
CVE-2026-23884 Heap-use-after-free in gdi_set_bounds
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves gdi-drawing pointing to freed memory, causing UAF when related update packets arrive. A malicious server can trigger a client‑side use after free, causing a crash DoS and...