freerdp

177 tracked vulnerabilities.

CVE-2026-57158 CRITICAL
FreeRDP planar_decompress_plane_rle_only: heap OOB read — incomplete fix for CVE-2026-23530
Jul 10, 2026
CVSS 9.1
EPSS 0.01
CVE-2026-57157 MEDIUM
Out-of-bounds read in the camera device enumerator server (rdpecam) via unterminated DeviceName / VirtualChannelName
Jul 10, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-57156 HIGH
FreeRDP: Integer overflow leading to heap buffer overflow in Orders Delta Points parsing
Jul 10, 2026
EPSS 0.01
CVE-2026-55827 HIGH
FreeRDP: Heap out-of-bounds write in RemoteFX (RFX) Cache Bitmap V3 decode
Jul 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-56297 HIGH
FreeRDP - Use-After-Free via Race Condition in DRDYNVC Channel Callback
Jul 08, 2026
CVSS 7.0
EPSS 0.00
CVE-2026-45700 CRITICAL
FreeRDP - Heap-Buffer-Overflow Write in Planar Bitmap Decoder
May 29, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-44422 HIGH
FreeRDP RDPEAR NDR ref-id aliasing causes client-side UAF/double-free and type confusion
May 29, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-44421 HIGH
FreeRDP RDPGFX CacheToSurface heap-buffer-overflow via clamped-rectangle validation bypass
May 29, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-44420 HIGH
FreeRDP cliprdr server heap-buffer-overflow via undersized capabilitySetLength in CB_CLIP_CAPS
May 29, 2026
CVSS 8.8
EPSS 0.03
CVE-2026-40033 HIGH
FreeRDP - Heap-buffer-overflow in gdi_CacheToSurface via rectangle validation bypass
May 26, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-40254 MEDIUM
FreeRDP: contains_dotdot() off-by-one allows drive channel path traversal via terminal ..
Apr 24, 2026
CVSS 4.2
EPSS 0.00
CVE-2026-33995 MEDIUM
FreeRDP: Possible double free in kerberos_AcceptSecurityContext
Mar 30, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-33987 HIGH
FreeRDP: Persistent Cache bmpSize Desync - Heap OOB Write
Mar 30, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-33986 HIGH
FreeRDP: H.264 YUV Buffer Dimension Desync - Heap OOB Write
Mar 30, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-33985 MEDIUM
FreeRDP: ClearCodec Glyph Cache Count Desync - Heap OOB Read
Mar 30, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-33984 HIGH
FreeRDP: ClearCodec resize_vbar_entry() Heap OOB Write
Mar 30, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-33983 MEDIUM
FreeRDP: Progressive Codec Quant BYTE Underflow - UB + CPU DoS
Mar 30, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-33982 HIGH
FreeRDP: Persistent Cache Allocator Mismatch - Heap OOB Read
Mar 30, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-33977 MEDIUM
FreeRDP: DoS via WINPR_ASSERT in IMA ADPCM audio decoder (dsp.c:331)
Mar 30, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-33952 MEDIUM
FreeRDP: DoS via WINPR_ASSERT in rts_read_auth_verifier_no_checks
Mar 30, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-31897 NONE
FreeRDP <3.24.0 - Out-of-Bounds Read
Mar 13, 2026
EPSS 0.00
CVE-2026-31885 MEDIUM
FreeRDP <3.24.0 - Memory Corruption
Mar 13, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-31884 MEDIUM
FreeRDP < 3.24.0 - Denial of Service via Division by Zero in ADPCM Decoders
Mar 13, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-31883 MEDIUM
FreeRDP <3.24.0 - Heap Buffer Overflow
Mar 13, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-31806 CRITICAL
FreeRDP <3.24.0 - Memory Corruption
Mar 13, 2026
CVSS 9.8
EPSS 0.01