71 matches found
Astra Linux – Vulnerability in ffmpeg5
It was discovered that FFmpeg version n6.1 contains a heap buffer overflow vulnerability in the drawblockrectangle function of libavfilter/vfcodecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service DoS attack through crafted inputs...
CVE-2026-52720
A heap buffer overflow vulnerability was found in GStreamer's librfb RFB/VNC client. The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a...
CVE-2026-52720 Gstreamer1-plugins-bad-free: gstreamer: heap buffer overflow via crafted vnc server rectangle in librfb
A heap buffer overflow vulnerability was found in GStreamer's librfb RFB/VNC client. The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a...
CVE-2026-52720 Gstreamer1-plugins-bad-free: gstreamer: heap buffer overflow via crafted vnc server rectangle in librfb
A heap buffer overflow vulnerability was found in GStreamer's librfb RFB/VNC client. The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a...
CVE-2026-52720
GStreamer: librfb (RFB/VNC client) is affected by a heap buffer overflow caused by improper bounds checking of rectangle dimensions, allowing a malicious VNC server to send a rectangle extending beyond the framebuffer. This can lead to an out-of-bounds heap write and, per the report, potential co...
PT-2026-49336
Name of the Vulnerable Software and Affected Versions GStreamer affected versions not specified Description A heap buffer overflow exists in the librfb RFB/VNC client component of GStreamer. The issue occurs because the rectangle bounds check validates the total area instead of individual...
CVE-2026-44988
LibVNCClient is a library for easy implementation of a VNC client. In 0.9.15 and earlier, LibVNCClient's Tight encoding decoder uses fixed-size 2048-pixel scratch buffers for the Gradient filter, but it does not reject Tight rectangles whose width is larger than 2048 pixels. A malicious VNC serve...
SUSE-SU-2026:2227-1 Security update for LibVNCServer
This update for LibVNCServer fixes the following issues: - CVE-2026-44988: Fixed missing validation of rectangle width in tight gradient decoding can lead to server-triggered out-of-bounds write bsc1266459...
CVE-2026-44421
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdiCacheToSurface: it validates a destination rectangle that is clamped to UINT16MA...
CVE-2026-44421 FreeRDP RDPGFX CacheToSurface heap-buffer-overflow via clamped-rectangle validation bypass
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdiCacheToSurface: it validates a destination rectangle that is clamped to UINT16MA...
CVE-2026-44421 FreeRDP RDPGFX CacheToSurface heap-buffer-overflow via clamped-rectangle validation bypass
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdiCacheToSurface: it validates a destination rectangle that is clamped to UINT16MA...
CVE-2026-44421
CVE-2026-44421 affects FreeRDP prior to 3.26.0. A malicious RDP server can trigger a heap-buffer-overflow in the client via crafted RDPGFX PDUs in gdi_CacheToSurface, by validating a destination rectangle clamped to UINT16_MAX but copying using the original cacheEntry->width/height, causing a ...
CVE-2026-44988 LibVNCClient Tight Gradient decoding allows malicious server-triggered heap/stack OOB writes
LibVNCClient is a library for easy implementation of a VNC client. In 0.9.15 and earlier, LibVNCClient's Tight encoding decoder uses fixed-size 2048-pixel scratch buffers for the Gradient filter, but it does not reject Tight rectangles whose width is larger than 2048 pixels. A malicious VNC serve...
UBUNTU-CVE-2026-40033
FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16MAX but performs copy operations using unclamped cache entry...
CVE-2026-40033 FreeRDP - Heap-buffer-overflow in gdi_CacheToSurface via rectangle validation bypass
FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16MAX but performs copy operations using unclamped cache entry...
CVE-2026-40033 FreeRDP - Heap-buffer-overflow in gdi_CacheToSurface via rectangle validation bypass
FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16MAX but performs copy operations using unclamped cache entry...
CVE-2026-40033
FreeRDP before 3.26.0 is affected by a heap-buffer-overflow in gdi_CacheToSurface. The issue stems from rectangle validation clamping coordinates to UINT16_MAX while copy operations use unclamped cache entry dimensions, enabling a malicious RDP server to trigger large out-of-bounds writes and pot...
FreeRDP Buffer Overflow Vulnerability (CNVD-2026-12777)
FreeRDP is an open source implementation of the Remote Desktop Protocol RDP from the FreeRDP team. FreeRDP suffers from a buffer overflow vulnerability that stems from unvalidated target rectangle boundaries in the GDI surface pipeline, which can be exploited by an attacker to cause a heap buffer...
SUSE CVE-2026-26955
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP server can trigger a heap buffer overflow in FreeRDP clients using the GDI surface pipeline e.g., xfreerdp by sending an RDPGFX ClearCodec surface command with an out-of-bounds destination...
UBUNTU-CVE-2026-26955
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP server can trigger a heap buffer overflow in FreeRDP clients using the GDI surface pipeline e.g., xfreerdp by sending an RDPGFX ClearCodec surface command with an out-of-bounds destination...