CVE-2026-26271
- EPSS 0.24%
- Veröffentlicht 25.02.2026 20:40:19
- Zuletzt bearbeitet 27.02.2026 16:46:56
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a buffer overread in `freerdp_image_copy_from_icon_data()` (libfreerdp/codec/color.c) can be triggered by crafted RDP Window Icon (TS_ICON_INFO) data. The bug i...
CVE-2026-25997
- EPSS 0.57%
- Veröffentlicht 25.02.2026 20:38:40
- Zuletzt bearbeitet 27.02.2026 14:57:09
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_clipboard_format_equal` reads freed `lastSentFormats` memory because `xf_clipboard_formats_free` (called from the cliprdr channel thread during auto-reconne...
CVE-2026-25959
- EPSS 0.57%
- Veröffentlicht 25.02.2026 20:36:09
- Zuletzt bearbeitet 27.02.2026 14:52:51
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_cliprdr_provide_data_` passes freed `pDstData` to `XChangeProperty` because the cliprdr channel thread calls `xf_cliprdr_server_format_data_response` which ...
CVE-2026-25955
- EPSS 0.5%
- Veröffentlicht 25.02.2026 20:32:42
- Zuletzt bearbeitet 27.02.2026 14:56:40
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_AppUpdateWindowFromSurface` reuses a cached `XImage` whose `data` pointer references a freed RDPGFX surface buffer, because `gdi_DeleteSurface` frees `surfa...
CVE-2026-25954
- EPSS 0.49%
- Veröffentlicht 25.02.2026 20:30:32
- Zuletzt bearbeitet 27.02.2026 14:56:16
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_rail_server_local_move_size` dereferences a freed `xfAppWindow` pointer because `xf_rail_get_window` returns an unprotected pointer from the `railWindows` h...
CVE-2026-25953
- EPSS 0.59%
- Veröffentlicht 25.02.2026 20:27:00
- Zuletzt bearbeitet 27.02.2026 14:55:56
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_AppUpdateWindowFromSurface` reads from a freed `xfAppWindow` because the RDPGFX DVC thread obtains a bare pointer via `xf_rail_get_window` without any lifet...
CVE-2026-25952
- EPSS 0.6%
- Veröffentlicht 25.02.2026 20:24:07
- Zuletzt bearbeitet 27.02.2026 14:55:25
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_SetWindowMinMaxInfo` dereferences a freed `xfAppWindow` pointer because `xf_rail_get_window` in `xf_rail_server_min_max_info` returns an unprotected pointer...
CVE-2026-25941
- EPSS 0.28%
- Veröffentlicht 25.02.2026 20:23:48
- Zuletzt bearbeitet 27.02.2026 14:53:29
FreeRDP is a free implementation of the Remote Desktop Protocol. Versions on the 2.x branch prior to to 2.11.8 and on the 3.x branch prior to 3.23.0 have an out-of-bounds read vulnerability in the FreeRDP client's RDPGFX channel that allows a malicio...
CVE-2026-25942
- EPSS 0.45%
- Veröffentlicht 25.02.2026 20:01:16
- Zuletzt bearbeitet 27.02.2026 14:54:06
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_rail_server_execute_result` indexes the global `error_code_names[]` array (7 elements, indices 0–6) with an unchecked `execResult->execResult` value receive...
CVE-2026-24684
- EPSS 0.53%
- Veröffentlicht 09.02.2026 18:23:02
- Zuletzt bearbeitet 10.02.2026 15:02:32
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsnd_treat_wave. This...