Freerdp

Freerdp

157 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.1

CVE-2026-31897

Exploit
  • EPSS 0.03%
  • Veröffentlicht 13.03.2026 17:42:11
  • Zuletzt bearbeitet 17.03.2026 12:57:00

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in freerdp_bitmap_decompress_planar when SrcSize is 0. The function dereferences *srcp (which points to pSrcData) without first verifying...

9.8

CVE-2026-31806

Exploit
  • EPSS 0.02%
  • Veröffentlicht 13.03.2026 17:40:19
  • Zuletzt bearbeitet 17.03.2026 14:27:20

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, the gdi_surface_bits() function processes SURFACE_BITS_COMMAND messages sent by the RDP server. When the command is handled using NSCodec, the bmp.width and bmp.height...

9.4

CVE-2026-31885

Exploit
  • EPSS 0.03%
  • Veröffentlicht 13.03.2026 17:38:23
  • Zuletzt bearbeitet 17.03.2026 12:58:04

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in MS-ADPCM and IMA-ADPCM decoders due to unchecked predictor and step_index values from input data. This vulnerability is fixed in 3.24....

7.5

CVE-2026-31884

Exploit
  • EPSS 0.03%
  • Veröffentlicht 13.03.2026 17:36:57
  • Zuletzt bearbeitet 17.03.2026 14:25:10

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, division by zero in MS-ADPCM and IMA-ADPCM decoders when nBlockAlign is 0, leading to a crash. In libfreerdp/codec/dsp.c, both ADPCM decoders use size % block_size wher...

9.8

CVE-2026-31883

Exploit
  • EPSS 0.04%
  • Veröffentlicht 13.03.2026 17:35:17
  • Zuletzt bearbeitet 17.03.2026 14:26:13

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a size_t underflow in the IMA-ADPCM and MS-ADPCM audio decoders leads to heap-buffer-overflow write via the RDPSND audio channel. In libfreerdp/codec/dsp.c, the IMA-ADP...

3.1

CVE-2026-29776

  • EPSS 0.04%
  • Veröffentlicht 13.03.2026 17:33:10
  • Zuletzt bearbeitet 17.03.2026 14:33:19

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, Integer Underflow in update_read_cache_bitmap_order Function of FreeRDP's Core Library This vulnerability is fixed in 3.24.0.

8.2

CVE-2026-29775

Exploit
  • EPSS 0.05%
  • Veröffentlicht 13.03.2026 17:28:39
  • Zuletzt bearbeitet 17.03.2026 14:43:17

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap out-of-bounds read/write occurs in FreeRDP's bitmap cache subsystem due to an off-by-one boundary check in bitmap_cache_put. A malicious server can s...

8.2

CVE-2026-29774

Exploit
  • EPSS 0.05%
  • Veröffentlicht 13.03.2026 17:26:58
  • Zuletzt bearbeitet 17.03.2026 14:51:38

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap buffer overflow occurs in the FreeRDP client's AVC420/AVC444 YUV-to-RGB conversion path due to missing horizontal bounds validation of H.264 metabloc...

7.5

CVE-2026-27951

Exploit
  • EPSS 0.05%
  • Veröffentlicht 25.02.2026 21:07:30
  • Zuletzt bearbeitet 27.02.2026 19:09:27

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the function `Stream_EnsureCapacity` can create an endless blocking loop. This may affect all client and server implementations using `FreeRDP`. For practical e...

7.5

CVE-2026-27950

  • EPSS 0.1%
  • Veröffentlicht 25.02.2026 21:05:23
  • Zuletzt bearbeitet 27.02.2026 19:10:21

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the fix for the heap-use-after-free described in CVE-2026-24680 is incomplete. While the vulnerable execution flow referenced in the advisory exists in the SDL2...