CVE-2026-35512

xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX graphics dynamic virtual channel implementation due to insufficient validation of client-controlled size parameters, allowing an out-of-bounds write via crafted PDUs. Pre-authentication...

PT-2026-33509

Name of the Vulnerable Software and Affected Versions xrdp versions prior to 0.10.6 Description An open source RDP server contains a heap-based buffer overflow in the EGFX graphics dynamic virtual channel implementation. This occurs due to insufficient validation of client-controlled size...

CVE-2026-25941

FreeRDP is a free implementation of the Remote Desktop Protocol. Versions on the 2.x branch prior to to 2.11.8 and on the 3.x branch prior to 3.23.0 have an out-of-bounds read vulnerability in the FreeRDP client's RDPGFX channel that allows a malicious RDP server to read uninitialized heap memory...

EUVD-2026-8730

FreeRDP is a free implementation of the Remote Desktop Protocol. Versions on the 2.x branch prior to to 2.11.8 and on the 3.x branch prior to 3.23.0 have an out-of-bounds read vulnerability in the FreeRDP client's RDPGFX channel that allows a malicious RDP server to read uninitialized heap memory...

FreeRDP 缓冲区错误漏洞

FreeRDP is an open-source RDP protocol implementation developed by the FreeRDP team. Versions prior to FreeRDP 2.11.8 and 3.23.0 contained a buffer error vulnerability. This vulnerability stemmed from out-of-bounds read operations in the RDP GFX channel, which could allow malicious RDP servers to...

CVE-2026-22851

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race condition between the RDPGFX dynamic virtual channel thread and the SDL render thread leads to a heap use-after-free. Specifically, an escaped pointer to sdl-primary SDLSurface is accessed after it has been...

CVE-2026-22851

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race condition between the RDPGFX dynamic virtual channel thread and the SDL render thread leads to a heap use-after-free. Specifically, an escaped pointer to sdl-primary SDLSurface is accessed after it has been...

CVE-2026-22851

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race condition between the RDPGFX dynamic virtual channel thread and the SDL render thread leads to a heap use-after-free. Specifically, an escaped pointer to sdl-primary SDLSurface is accessed after it has been...

PT-2026-2929

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.20.1 Description FreeRDP, a free implementation of the Remote Desktop Protocol, contains a flaw due to a race condition between the RDPGFX dynamic virtual channel thread and the SDL render thread. This condition...