CVE-2026-33985
- EPSS 0.21%
- Veröffentlicht 30.03.2026 21:43:13
- Zuletzt bearbeitet 01.04.2026 20:01:13
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data from adjacent heap memory is rendered to screen, potentially leaking sensitive data to the attacker. This issue has been patched in version 3.24.2.
CVE-2026-33984
- EPSS 0.4%
- Veröffentlicht 30.03.2026 21:42:57
- Zuletzt bearbeitet 30.06.2026 03:18:48
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in resize_vbar_entry() in libfreerdp/codec/clear.c, vBarEntry->size is updated to vBarEntry->count before the winpr_aligned_recalloc() call. If realloc fails, s...
CVE-2026-33983
- EPSS 0.43%
- Veröffentlicht 30.03.2026 21:42:27
- Zuletzt bearbeitet 30.06.2026 03:18:48
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, progressive_decompress_tile_upgrade() detects a mismatch via progressive_rfx_quant_cmp_equal() but only emits WLog_WARN, execution continues. The wrapped value ...
CVE-2026-33982
- EPSS 0.19%
- Veröffentlicht 30.03.2026 21:42:11
- Zuletzt bearbeitet 01.04.2026 20:04:25
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, there is a heap-buffer-overflow READ vulnerability at 24 bytes before the allocation, in winpr_aligned_offset_recalloc(). This issue has been patched in version...
CVE-2026-33952
- EPSS 0.27%
- Veröffentlicht 30.03.2026 21:42:00
- Zuletzt bearbeitet 02.04.2026 15:16:40
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated auth_length field read from the network triggers a WINPR_ASSERT() failure in rts_read_auth_verifier_no_checks(), causing any FreeRDP client conne...
CVE-2026-33977
- EPSS 0.26%
- Veröffentlicht 30.03.2026 21:41:36
- Zuletzt bearbeitet 01.04.2026 20:05:49
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP server can crash the FreeRDP client by sending audio data in IMA ADPCM format with an invalid initial step index value (>= 89). The unvalidated ...
CVE-2026-31897
- EPSS 0.29%
- Veröffentlicht 13.03.2026 17:42:11
- Zuletzt bearbeitet 17.03.2026 12:57:00
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in freerdp_bitmap_decompress_planar when SrcSize is 0. The function dereferences *srcp (which points to pSrcData) without first verifying...
CVE-2026-31806
- EPSS 0.66%
- Veröffentlicht 13.03.2026 17:40:19
- Zuletzt bearbeitet 30.06.2026 03:18:27
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, the gdi_surface_bits() function processes SURFACE_BITS_COMMAND messages sent by the RDP server. When the command is handled using NSCodec, the bmp.width and bmp.height...
CVE-2026-31885
- EPSS 0.26%
- Veröffentlicht 13.03.2026 17:38:23
- Zuletzt bearbeitet 17.03.2026 12:58:04
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in MS-ADPCM and IMA-ADPCM decoders due to unchecked predictor and step_index values from input data. This vulnerability is fixed in 3.24....
CVE-2026-31884
- EPSS 0.3%
- Veröffentlicht 13.03.2026 17:36:57
- Zuletzt bearbeitet 17.03.2026 14:25:10
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, division by zero in MS-ADPCM and IMA-ADPCM decoders when nBlockAlign is 0, leading to a crash. In libfreerdp/codec/dsp.c, both ADPCM decoders use size % block_size wher...