CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Redos•added yesterday•2 views

ROS-20260611-73-0021

The vulnerability of the gdisetbounds function in the RDP client of FreeRDP is related to the possibility of using memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code and cause service failure...

9.8CVSS6AI score0.00225EPSS

Redos•added yesterday•2 views

ROS-20260611-73-0007

9.8CVSS6.4AI score0.00175EPSS

Redos•added yesterday•2 views

ROS-20260611-73-0022

9.8CVSS6AI score0.00225EPSS

RedhatCVE•added 2026/06/05 7:13 p.m.•4 views

CVE-2026-40033

FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16MAX but performs copy operations using unclamped cache entry...

8.8CVSS6.3AI score0.00068EPSS

Exploits1References1

OSV•added 2026/05/29 8:16 p.m.•5 views

UBUNTU-CVE-2026-44421

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdiCacheToSurface: it validates a destination rectangle that is clamped to UINT16MA...

8.8CVSS5.9AI score0.00055EPSS

Cvelist•added 2026/05/29 7:40 p.m.•30 views

CVE-2026-44421 FreeRDP RDPGFX CacheToSurface heap-buffer-overflow via clamped-rectangle validation bypass

8.8CVSS0.00055EPSS

Exploits1References1

Tenable Nessus•added 2026/05/28 12:0 a.m.•14 views

Linux Distros Unpatched Vulnerability : CVE-2026-40033

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The...

8.8CVSS6AI score0.00068EPSS

SUSE CVE•added 2026/05/27 2:49 a.m.•8 views

SUSE CVE-2026-40033

8.1CVSS6.5AI score0.00068EPSS

OSV•added 2026/05/26 3:16 p.m.•6 views

DEBIAN-CVE-2026-40033

8.8CVSS6.4AI score0.00068EPSS

Exploits1References1

NVD•added 2026/05/26 3:16 p.m.•12 views

CVE-2026-40033

8.8CVSS0.00068EPSS

UbuntuCve•added 2026/05/26 3:16 p.m.•6 views

CVE-2026-40033

8.8CVSS6.4AI score0.00068EPSS

Exploits1References4

AlpineLinux•added 2026/05/26 2:8 p.m.•14 views

CVE-2026-40033

EUVD•added 2026/05/26 2:8 p.m.•8 views

EUVD-2026-31830

ATTACKERKB•added 2026/05/26 2:8 p.m.•7 views

CVE-2026-40033

Cvelist•added 2026/05/26 2:8 p.m.•38 views

Exploits1References4

CVE-2026-40033 FreeRDP - Heap-buffer-overflow in gdi_CacheToSurface via rectangle validation bypass

8.8CVSS0.00068EPSS

CVE•added 2026/05/26 2:8 p.m.•21 views

CVE-2026-40033

FreeRDP before 3.26.0 is affected by a heap-buffer-overflow in gdi_CacheToSurface. The issue stems from rectangle validation clamping coordinates to UINT16_MAX while copy operations use unclamped cache entry dimensions, enabling a malicious RDP server to trigger large out-of-bounds writes and pot...

Exploits1References3Affected Software1

Vulnrichment•added 2026/05/26 2:8 p.m.•8 views

CVE-2026-40033 FreeRDP - Heap-buffer-overflow in gdi_CacheToSurface via rectangle validation bypass

CNNVD•added 2026/05/26 12:0 a.m.•7 views

FreeRDP 安全漏洞

FreeRDP is an open-source implementation of the Remote Desktop Protocol RDP by the FreeRDP team. Versions of FreeRDP prior to 3.26.0 contained security vulnerabilities. These vulnerabilities stemmed from a heap buffer overflow in the gdiCacheToSurface function, which could allow remote attackers ...