CVE-2026-23532 FreeRDP has heap-buffer-overflow in gdi_SurfaceToSurface
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the FreeRDP client’s gdi_SurfaceToSurface path due to a mismatch between destination rectangle clamping and the actual copy size. A malicious server can trigger a...
EUVD-2026-3316
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the FreeRDP client’s gdi_SurfaceToSurface path due to a mismatch between destination rectangle clamping and the actual copy size. A malicious server can trigger a...
CVE-2026-23531 FreeRDP has heap-buffer-overflow in clear_decompress
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, in ClearCodec, when glyphData is present, clear_decompress calls freerdp_image_copy_no_overlap without validating the destination rectangle, allowing an out-of-bounds read/write via crafted RDPGFX surface updates...
CVE-2026-23531
Summary: CVE-2026-23531 affects FreeRDP before 3.21.0 through a flawed destination-rectangle validation in ClearCodec during RDPGFX surface updates, enabling an out-of-bounds read/write and a client-side heap buffer overflow. This can crash the client (DoS) and, depending on allocator/heap layout...
FreeRDP security vulnerabilities
FreeRDP is an open-source RDP protocol implementation developed by the FreeRDP team. Versions of FreeRDP prior to 3.21.0 contained security vulnerabilities. These vulnerabilities stemmed from a mismatch between the target rectangle limit in the gdi_SurfaceToSurface path and the actual copied size,...
What Is Exposure Management Cybersecurity? A Guide
For too long, security has been a defensive game of whack-a-mole. A new threat appears, and we scramble to patch it. But what if we could see our organizations the way an attacker does? Attackers don’t care about your patching cadence or your CVSS scores. They look for the path of least...
SUSE CVE-2026-22851
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race condition between the RDPGFX dynamic virtual channel thread and the SDL render thread leads to a heap use-after-free. Specifically, an escaped pointer to sdl->primary SDL_Surface is accessed after it has been...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001652)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001652 advisory. The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels dat...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002764)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002764 advisory. The vmw_gb_surface_define_ioctl function accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003331)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003331 advisory. The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels dat...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002788)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002788 advisory. The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data,...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002930)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002930 advisory. The vmw_gb_surface_define_ioctl function accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003343)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003343 advisory. The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels dat...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003191)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003191 advisory. The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data,...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002969)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002969 advisory. The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows...
CVE-2026-22851
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race condition between the RDPGFX dynamic virtual channel thread and the SDL render thread leads to a heap use-after-free. Specifically, an escaped pointer to sdl->primary SDL_Surface is accessed after it has been...
UBUNTU-CVE-2026-22851
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race condition between the RDPGFX dynamic virtual channel thread and the SDL render thread leads to a heap use-after-free. Specifically, an escaped pointer to sdl->primary SDL_Surface is accessed after it has been...
CVE-2026-22851 FreeRDP RDPGFX ResetGraphics race leads to use-after-free in SDL client (sdl->primary)
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race condition between the RDPGFX dynamic virtual channel thread and the SDL render thread leads to a heap use-after-free. Specifically, an escaped pointer to sdl->primary SDL_Surface is accessed after it has been...
EUVD-2026-2677
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race condition between the RDPGFX dynamic virtual channel thread and the SDL render thread leads to a heap use-after-free. Specifically, an escaped pointer to sdl->primary SDL_Surface is accessed after it has been...