CVE-2026-29776

LOW

FreeRDP <3.24.0 - Memory Corruption

Title source: llm

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, Integer Underflow in update_read_cache_bitmap_order Function of FreeRDP's Core Library This vulnerability is fixed in 3.24.0.

References (2)

[Vendor Advisory] https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c747-x4wf-cqrr

[Patch] https://github.com/FreeRDP/FreeRDP/commit/a9e0abf2eac8c2e370fa155bf1abb9d044c0ca8a

View Patch ZIP pw:eip

Scores

CVSS v3 3.1

EPSS 0.0004

EPSS Percentile 12.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-190 CWE-191 CWE-789 CWE-400

Status published

Products (2)

freerdp/freerdp < 3.24.0

FreeRDP/FreeRDP < 3.24.0

Published Mar 13, 2026

Tracked Since Mar 14, 2026