5 matches found
SUSE CVE-2026-25942
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfrailserverexecuteresult indexes the global errorcodenames array 7 elements, indices 0-6 with an unchecked execResult-execResult value received from the server, allowing an out-of-bounds read when the serve...
CVE-2026-25954
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfrailserverlocalmovesize dereferences a freed xfAppWindow pointer because xfrailgetwindow returns an unprotected pointer from the railWindows hash table, and the main thread can concurrently delete the wind...
CVE-2026-25954 FreeRDP has heap-use-after-free in xf_rail_server_local_move_size
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfrailserverlocalmovesize dereferences a freed xfAppWindow pointer because xfrailgetwindow returns an unprotected pointer from the railWindows hash table, and the main thread can concurrently delete the wind...
CVE-2026-25942
FreeRDP is affected prior to 3.23.0. The vulnerability occurs in xf_rail_server_execute_result, which uses an unchecked execResult value from the server to index the global error_code_names[] array (size 7, indices 0–6). An execResult of 7 or greater allows an out-of-bounds read. The issue is fix...
EUVD-2026-8731
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfrailserverexecuteresult indexes the global errorcodenames array 7 elements, indices 0–6 with an unchecked execResult-execResult value received from the server, allowing an out-of-bounds read when the serve...