Lucene search
K

638 matches found

SUSE Linux
SUSE Linux
added 2026/04/27 12:6 p.m.4 views

Security update for freerdp

This update for freerdp fixes the following issues: CVE-2026-25941: Out-of-Bounds Read in client RDPGFX channel via crafted WIRETOSURFACE2 PDU bsc1258919. CVE-2026-25942: Global-buffer-overflow in xfrailserverexecuteresult bsc1258920. CVE-2026-25952: Heap-use-after-free in xfSetWindowMinMaxInfo...

8.2CVSS5.7AI score0.00599EPSS
Exploits13References58
OSV
OSV
added 2026/04/27 12:5 p.m.5 views

SUSE-SU-2026:1633-1 Security update for freerdp

This update for freerdp fixes the following issues: - CVE-2026-25941: Out-of-Bounds Read in client RDPGFX channel via crafted WIRETOSURFACE2 PDU bsc1258919. - CVE-2026-25942: Global-buffer-overflow in xfrailserverexecuteresult bsc1258920. - CVE-2026-25952: Heap-use-after-free in...

9.8CVSS5AI score0.00599EPSS
Exploits15References35
SUSE Linux
SUSE Linux
added 2026/04/27 12:4 p.m.6 views

Security update for freerdp

This update for freerdp fixes the following issues: CVE-2026-25941: Out-of-Bounds Read in client RDPGFX channel via crafted WIRETOSURFACE2 PDU bsc1258919. CVE-2026-25942: Global-buffer-overflow in xfrailserverexecuteresult bsc1258920. CVE-2026-25952: Heap-use-after-free in xfSetWindowMinMaxInfo...

8.2CVSS5.7AI score0.00599EPSS
Exploits13References58
OSV
OSV
added 2026/04/11 12:21 a.m.12 views

OSV-2026-561 Global-buffer-overflow in nameMatch

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=500975977 Crash type: Global-buffer-overflow READ 1 Crash state: nameMatch QStringConverter::QStringConverter KMime::HeaderParsing::parseEncodedWord...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/03/20 10:32 a.m.4 views

CLSA-2026-1774002757 Fix CVE(s): CVE-2026-25898

SECURITY UPDATE: global buffer overflow read in UIL and XPM encoders. - debian/patches/CVE-2026-25898.patch: clamp negative pixel index values to zero in WriteUILImage, WritePICONImage, and WriteXPMImage before using them as array subscripts into the Cixel table. - CVE-2026-25898...

9.1CVSS7.1AI score0.00348EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/12 12:0 a.m.8 views

RHEL 8 : freerdp (RHSA-2026:4433)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:4433 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to R...

9.1CVSS6AI score0.00756EPSS
Exploits2References6
RedHat Linux
RedHat Linux
added 2026/03/09 6:7 p.m.5 views

freerdp: FreeRDP global-buffer-overflow

A global buffer overflow flaw has been discovered in FreeRDP. This global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c = 0 can be...

9.1CVSS5.9AI score0.00599EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/03/09 7:37 a.m.6 views

freerdp: FreeRDP global-buffer-overflow

A global buffer overflow flaw has been discovered in FreeRDP. This global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c = 0 can be...

9.1CVSS5.9AI score0.00599EPSS
Exploits1References6
OSV
OSV
added 2026/02/26 8:43 p.m.7 views

RLSA-2026:3334 Important: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fixes: freerdp: FreeRDP heap-buffer-overflow CVE-2026-22855 freerdp: FreeRDP...

7.4CVSS5.6AI score0.00756EPSS
Exploits3References4
OSV
OSV
added 2026/02/25 12:16 a.m.6 views

OSV-2026-307 Global-buffer-overflow in navcom_parse

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=486709178 Crash type: Global-buffer-overflow READ 1 Crash state: navcomparse gpsdpoll FuzzDrivers.c...

5.4AI score
Exploits0References1
Rockylinux
Rockylinux
added 2026/02/24 6:54 p.m.6 views

freerdp security update

An update is available for freerdp. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released...

9.1CVSS5.8AI score0.00756EPSS
Exploits3
Github Security Blog
Github Security Blog
added 2026/02/24 3:39 p.m.8 views

ImageMagick has Global Buffer Overflow (OOB Read) via Negative Pixel Index in UIL and XPM Writer

The UIL and XPM image encoder do not validate the pixel index value returned by GetPixelIndex before using it as an array subscript. In HDRI builds, Quantum is a floating-point type, so pixel index values can be negative. An attacker can craft an image with negative pixel index values to trigger ...

9.1CVSS5.8AI score0.00348EPSS
Exploits0References5Affected Software17
OSV
OSV
added 2026/02/24 3:39 p.m.5 views

GHSA-VPXV-R9PG-7GPR ImageMagick has Global Buffer Overflow (OOB Read) via Negative Pixel Index in UIL and XPM Writer

The UIL and XPM image encoder do not validate the pixel index value returned by GetPixelIndex before using it as an array subscript. In HDRI builds, Quantum is a floating-point type, so pixel index values can be negative. An attacker can craft an image with negative pixel index values to trigger ...

6.5CVSS5.9AI score0.00348EPSS
Exploits0References5
OSV
OSV
added 2026/02/24 1:18 a.m.4 views

CVE-2026-25898 Imagemagick Has Global Buffer Overflow (OOB Read) via Negative Pixel Index in UIL and XPM Writer

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index value returned by GetPixelIndex before using it as an array subscript. In HDRI builds, Quantum is ...

6.5CVSS6.1AI score0.00348EPSS
Exploits0References3
OSV
OSV
added 2026/02/06 12:15 a.m.3 views

OSV-2026-200 Global-buffer-overflow in nameMatch

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=481841731 Crash type: Global-buffer-overflow READ 1 Crash state: nameMatch QStringConverter::QStringConverter KCodecs::parseEncodedWord...

5.3AI score
Exploits0References1
OSV
OSV
added 2026/02/04 12:5 a.m.3 views

OSV-2026-189 Global-buffer-overflow in gpsd_poll

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=480975802 Crash type: Global-buffer-overflow READ 1 Crash state: gpsdpoll FuzzDriversStructured.c...

5.3AI score
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/01/16 12:25 a.m.3 views

SUSE CVE-2026-22858

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c = ...

6.8CVSS7AI score0.00599EPSS
Exploits1References8
AlpineLinux
AlpineLinux
added 2026/01/14 5:56 p.m.2 views

CVE-2026-22858

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c = ...

9.1CVSS7AI score0.00599EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/01/14 5:56 p.m.5 views

CVE-2026-22858

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c = ...

9.1CVSS5.6AI score0.00599EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/01/14 5:56 p.m.41 views

CVE-2026-22858

CVE-2026-22858 affects FreeRDP prior to 3.20.1, where a global-buffer-overflow can occur in the Base64 decoding path due to implementation‑defined char signedness causing out‑of‑bounds access. The vulnerability is fixed in 3.20.1; multiple advisories (SUSE/SLES/OpenSUSE/Fedora) reference updating...

9.1CVSS6.5AI score0.00599EPSS
Exploits1References19Affected Software1
Rows per page
Query Builder