CVE-2026-56297
- EPSS 0.26%
- Veröffentlicht 08.07.2026 13:49:01
- Zuletzt bearbeitet 09.07.2026 19:38:09
FreeRDP before 3.22.0 contains a use-after-free vulnerability in dvcman_channel_close and dvcman_call_on_receive due to improper synchronization of channel_callback access. A malicious RDP server can trigger a race condition by sending DYNVC_DATA and...
CVE-2026-45700
- EPSS 0.46%
- Veröffentlicht 29.05.2026 19:44:12
- Zuletzt bearbeitet 08.07.2026 13:16:47
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's planar bitmap decoder has an out-of-bounds heap write when decoding RLE planar data. In libfreerdp/codec/planar.c, freerdp_bitmap_decompress_planar() validate...
CVE-2026-44420
- EPSS 3.45%
- Veröffentlicht 29.05.2026 19:42:23
- Zuletzt bearbeitet 08.07.2026 13:16:45
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU with a too-small capa...
CVE-2026-44422
- EPSS 0.38%
- Veröffentlicht 29.05.2026 19:41:46
- Zuletzt bearbeitet 08.07.2026 13:16:46
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer ref-id for multiple logical pointer fields without tracking the pointed object's expected NDR type or owner...
CVE-2026-44421
- EPSS 0.42%
- Veröffentlicht 29.05.2026 19:40:25
- Zuletzt bearbeitet 08.07.2026 13:16:45
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdi_CacheToSurface: it validates a d...
CVE-2026-40033
- EPSS 0.83%
- Veröffentlicht 26.05.2026 14:08:47
- Zuletzt bearbeitet 08.07.2026 13:16:41
FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdi_CacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16_MAX but perf...
CVE-2026-40254
- EPSS 0.2%
- Veröffentlicht 24.04.2026 02:24:50
- Zuletzt bearbeitet 27.04.2026 17:44:02
FreeRDP is a free implementation of the Remote Desktop Protocol. Versions prior to 3.25.0 have an off-by-one in the path traversal filter in `channels/drive/client/drive_file.c`. The `contains_dotdot()` function catches `../` and `..\` mid-path but m...
CVE-2026-33995
- EPSS 0.28%
- Veröffentlicht 30.03.2026 21:43:49
- Zuletzt bearbeitet 01.04.2026 18:35:09
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a double-free vulnerability in kerberos_AcceptSecurityContext() and kerberos_InitializeSecurityContextA() (WinPR, winpr/libwinpr/sspi/Kerberos/kerberos.c) can c...
CVE-2026-33987
- EPSS 0.1%
- Veröffentlicht 30.03.2026 21:43:39
- Zuletzt bearbeitet 01.04.2026 18:44:43
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in persistent_cache_read_entry_v3() in libfreerdp/cache/persistent.c, persistent->bmpSize is updated before winpr_aligned_recalloc(). If realloc fails, bmpSize ...
CVE-2026-33986
- EPSS 0.27%
- Veröffentlicht 30.03.2026 21:43:21
- Zuletzt bearbeitet 30.06.2026 03:18:48
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in yuv_ensure_buffer() in libfreerdp/codec/h264.c, h264->width and h264->height are updated before the reallocation loop. If any winpr_aligned_recalloc() call f...