CVE-2026-23530
FreeRDP has heap-buffer-overflow in planar_decompress_plane_rle
CVSS Score
7.6
EPSS Score
0.0%
EPSS Percentile
0th
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0,`freerdp_bitmap_decompress_planar` does not validate `nSrcWidth`/`nSrcHeight` against `planar->maxWidth`/`maxHeight` before RLE decode. A malicious server can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.
| CWE | CWE-122 |
| Vendor | freerdp |
| Product | freerdp |
| Published | Jan 19, 2026 |
| Last Updated | Jun 30, 2026 |
Stay Ahead of the Next One
Get instant alerts for freerdp freerdp
Be the first to know when new high vulnerabilities affecting freerdp freerdp are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
FreeRDP / FreeRDP
< 3.21.0
References
github.com: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-r4hv-852m-fq7p github.com: https://github.com/FreeRDP/FreeRDP/blob/38514dfa5813aa945a86cfbcec279033f8394468/libfreerdp/codec/planar.c#L1689-L1696 github.com: https://github.com/FreeRDP/FreeRDP/blob/38514dfa5813aa945a86cfbcec279033f8394468/libfreerdp/codec/planar.c#L1713-L1716 github.com: https://github.com/FreeRDP/FreeRDP/blob/38514dfa5813aa945a86cfbcec279033f8394468/libfreerdp/codec/planar.c#L951-L953 github.com: https://github.com/FreeRDP/FreeRDP/releases/tag/3.21.0 access.redhat.com: https://access.redhat.com/security/cve/CVE-2026-23530 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2430877 security.access.redhat.com: https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-23530.json access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2714 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2952 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2222 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2081 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3039 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3038 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3036 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3041 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2770 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2824 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2736 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3037 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2048