freerdp

167 tracked vulnerabilities.

CVE-2026-23532 CRITICAL
FreeRDP < 3.21.0 - Heap-based Buffer Overflow in gdi_SurfaceToSurface
Jan 19, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-23531 CRITICAL
FreeRDP < 3.21.0 - Heap-based Buffer Overflow via RDPGFX Surface Updates
Jan 19, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-23530 CRITICAL
FreeRDP < 3.21.0 - Heap-based Buffer Overflow in Planar Bitmap Decompression
Jan 19, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-22859 CRITICAL
FreeRDP < 3.20.1 - Out-of-bounds Read in URBDRC Client
Jan 14, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-22858 CRITICAL
FreeRDP < 3.20.1 - Out-of-bounds Read via Base64 Decoding
Jan 14, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-22857 CRITICAL
FreeRDP < 3.20.1 - Use-After-Free in IRP Error Handling
Jan 14, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-22856 HIGH
FreeRDP < 3.20.1 - Use-After-Free via Serial Channel IRP Thread Race
Jan 14, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-22855 CRITICAL
FreeRDP < 3.20.1 - Out-of-bounds Read in Smartcard SetAttrib Path
Jan 14, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-22854 CRITICAL
FreeRDP < 3.20.1 - Heap-based Buffer Overflow via Drive Read IRP Output Stream
Jan 14, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-22853 CRITICAL
FreeRDP < 3.20.1 - Heap Buffer Overflow in RDPEAR NDR Array Reader
Jan 14, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-22852 CRITICAL
FreeRDP < 3.20.1 - Heap Buffer Overflow via Audio Input Format List Processing
Jan 14, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-22851 MEDIUM
FreeRDP < 3.20.1 - Use-After-Free via RDPGFX ResetGraphics Handling
Jan 14, 2026
CVSS 5.9
EPSS 0.00
CVE-2025-68118 CRITICAL
FreeRDP < 3.20.0 - Out-of-bounds Read via Certificate Cache Filename Handling
Dec 17, 2025
CVSS 9.1
EPSS 0.00
CVE-2025-4478 MEDIUM
FreeRDP 3.0.0-3.15.9 - Denial of Service via Crafted RDP Packet
May 16, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-32662 HIGH
FreeRDP < 3.5.1 - Out-of-bounds Read via WCHAR String Handling
Apr 23, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-32661 HIGH
FreeRDP < 3.5.1 - Denial of Service via NULL Pointer Dereference
Apr 23, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-32660 HIGH
FreeRDP < 3.5.1 - Denial of Service via Invalid Huge Allocation Size
Apr 23, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-32659 CRITICAL
FreeRDP < 3.5.1 - Out-of-bounds Read
Apr 23, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-32658 CRITICAL
FreeRDP < 3.5.1 - Out-of-bounds Read
Apr 23, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-32460 HIGH
FreeRDP <3.5.0-2.11.6 - Out-of-bounds read
Apr 22, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-32459 CRITICAL
FreeRDP <3.5.0, <2.11.6 - Memory Corruption
Apr 22, 2024
CVSS 9.8
EPSS 0.06
CVE-2024-32458 CRITICAL
FreeRDP <3.5.0-2.11.6 - Info Disclosure
Apr 22, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-32041 CRITICAL
FreeRDP <3.5.0-2.11.6 - Memory Corruption
Apr 22, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-32040 HIGH
FreeRDP <3.5.0-2.11.6 - Integer Underflow
Apr 22, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-32039 CRITICAL
FreeRDP <3.5.0-2.11.6 - Buffer Overflow
Apr 22, 2024
CVSS 9.8
EPSS 0.01
Products
freerdp 167 FreeRDP 18
Quick Filters
Critical CVEs With Exploits In CISA KEV