Freerdp

Freerdp

157 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2026-26986

Exploit
  • EPSS 0.07%
  • Veröffentlicht 25.02.2026 21:01:16
  • Zuletzt bearbeitet 27.02.2026 19:11:09

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `rail_window_free` dereferences a freed `xfAppWindow` pointer during `HashTable_Free` cleanup because `xf_rail_window_common` calls `free(appWindow)` on title a...

8.8

CVE-2026-26965

Exploit
  • EPSS 0.06%
  • Veröffentlicht 25.02.2026 20:59:17
  • Zuletzt bearbeitet 27.02.2026 14:49:57

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, in the RLE planar decode path, `planar_decompress_plane_rle()` writes into `pDstData` at `((nYDst+y) * nDstStep) + (4*nXDst) + nChannel` without verifying that ...

8.8

CVE-2026-26955

Exploit
  • EPSS 0.05%
  • Veröffentlicht 25.02.2026 20:47:14
  • Zuletzt bearbeitet 27.02.2026 14:50:07

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP server can trigger a heap buffer overflow in FreeRDP clients using the GDI surface pipeline (e.g., `xfreerdp`) by sending an RDPGFX ClearCodec s...

6.5

CVE-2026-27015

Exploit
  • EPSS 0.04%
  • Veröffentlicht 25.02.2026 20:44:14
  • Zuletzt bearbeitet 27.02.2026 14:48:24

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a missing bounds check in `smartcard_unpack_read_size_align()` (`libfreerdp/utils/smartcard_pack.c:1703`) allows a malicious RDP server to crash the FreeRDP cli...

5.3

CVE-2026-26271

  • EPSS 0.05%
  • Veröffentlicht 25.02.2026 20:40:19
  • Zuletzt bearbeitet 27.02.2026 16:46:56

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a buffer overread in `freerdp_image_copy_from_icon_data()` (libfreerdp/codec/color.c) can be triggered by crafted RDP Window Icon (TS_ICON_INFO) data. The bug i...

9.8

CVE-2026-25997

Exploit
  • EPSS 0.11%
  • Veröffentlicht 25.02.2026 20:38:40
  • Zuletzt bearbeitet 27.02.2026 14:57:09

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_clipboard_format_equal` reads freed `lastSentFormats` memory because `xf_clipboard_formats_free` (called from the cliprdr channel thread during auto-reconne...

9.8

CVE-2026-25959

Exploit
  • EPSS 0.1%
  • Veröffentlicht 25.02.2026 20:36:09
  • Zuletzt bearbeitet 27.02.2026 14:52:51

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_cliprdr_provide_data_` passes freed `pDstData` to `XChangeProperty` because the cliprdr channel thread calls `xf_cliprdr_server_format_data_response` which ...

9.8

CVE-2026-25955

Exploit
  • EPSS 0.07%
  • Veröffentlicht 25.02.2026 20:32:42
  • Zuletzt bearbeitet 27.02.2026 14:56:40

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_AppUpdateWindowFromSurface` reuses a cached `XImage` whose `data` pointer references a freed RDPGFX surface buffer, because `gdi_DeleteSurface` frees `surfa...

7.5

CVE-2026-25954

Exploit
  • EPSS 0.06%
  • Veröffentlicht 25.02.2026 20:30:32
  • Zuletzt bearbeitet 27.02.2026 14:56:16

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_rail_server_local_move_size` dereferences a freed `xfAppWindow` pointer because `xf_rail_get_window` returns an unprotected pointer from the `railWindows` h...

9.8

CVE-2026-25953

Exploit
  • EPSS 0.11%
  • Veröffentlicht 25.02.2026 20:27:00
  • Zuletzt bearbeitet 27.02.2026 14:55:56

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_AppUpdateWindowFromSurface` reads from a freed `xfAppWindow` because the RDPGFX DVC thread obtains a bare pointer via `xf_rail_get_window` without any lifet...