9 matches found
CVE-2026-25954
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfrailserverlocalmovesize dereferences a freed xfAppWindow pointer because xfrailgetwindow returns an unprotected pointer from the railWindows hash table, and the main thread can concurrently delete the wind...
CVE-2026-25954
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfrailserverlocalmovesize dereferences a freed xfAppWindow pointer because xfrailgetwindow returns an unprotected pointer from the railWindows hash table, and the main thread can concurrently delete the wind...
CVE-2026-25952
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfSetWindowMinMaxInfo dereferences a freed xfAppWindow pointer because xfrailgetwindow in xfrailserverminmaxinfo returns an unprotected pointer from the railWindows hash table, and the main thread can...
CVE-2026-25954 FreeRDP has heap-use-after-free in xf_rail_server_local_move_size
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfrailserverlocalmovesize dereferences a freed xfAppWindow pointer because xfrailgetwindow returns an unprotected pointer from the railWindows hash table, and the main thread can concurrently delete the wind...
CVE-2026-25954 FreeRDP has heap-use-after-free in xf_rail_server_local_move_size
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfrailserverlocalmovesize dereferences a freed xfAppWindow pointer because xfrailgetwindow returns an unprotected pointer from the railWindows hash table, and the main thread can concurrently delete the wind...
CVE-2026-25954
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfrailserverlocalmovesize dereferences a freed xfAppWindow pointer because xfrailgetwindow returns an unprotected pointer from the railWindows hash table, and the main thread can concurrently delete the wind...
CVE-2026-25952
CVE-2026-25952 : FreeRDP before 3.23.0 dereferences a freed xfAppWindow pointer when xf_rail_get_window returns an unprotected pointer from the railWindows hash, with the main thread potentially deleting the window while the RAIL channel thread still uses it. This use-after-free vulnerability aff...
CVE-2026-25952 FreeRDP has heap-use-after-free in xf_SetWindowMinMaxInfo
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfSetWindowMinMaxInfo dereferences a freed xfAppWindow pointer because xfrailgetwindow in xfrailserverminmaxinfo returns an unprotected pointer from the railWindows hash table, and the main thread can...
PT-2026-22011
Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.23.0 Description FreeRDP is a free implementation of the Remote Desktop Protocol. A flaw exists in the RAIL channel window management where the xf rail server local move size function dereferences a freed xfAppWindo...