|
Vulnerabilities
< Back

CVE-2026-23531

Updated on 19 Jan 2026

Severity

9.8 Critical severity

Details

CVSS score
9.8
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE ID
Links
NISTCIRCLRHELUbuntu

Overview

About vulnerability

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, in ClearCodec, when glyphData is present, clear_decompress calls freerdp_image_copy_no_overlap without validating the destination rectangle, allowing an out-of-bounds read/write via crafted RDPGFX surface updates. A malicious server can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.

Details

Affected product:
CentOS 7 ELS
Affected packages:
freerdp @ 2.1.1
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, in ClearCodec, when glyphData is present, clear_decompress calls freerdp_image_copy_no_overlap without validating the destination rectangle, allowing an out-of-bounds read/write via crafted RDPGFX surface updates. A malicious server can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.

Fixes