🔐 CVE Alert

CVE-2026-23531

HIGH 7.6

FreeRDP has heap-buffer-overflow in clear_decompress

CVSS Score
7.6
EPSS Score
0.0%
EPSS Percentile
0th

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, in ClearCodec, when `glyphData` is present, `clear_decompress` calls `freerdp_image_copy_no_overlap` without validating the destination rectangle, allowing an out-of-bounds read/write via crafted RDPGFX surface updates. A malicious server can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.

CWE CWE-122
Vendor freerdp
Product freerdp
Published Jan 19, 2026
Last Updated Jun 30, 2026
Stay Ahead of the Next One

Get instant alerts for freerdp freerdp

Be the first to know when new high vulnerabilities affecting freerdp freerdp are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

FreeRDP / FreeRDP
< 3.21.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗
github.com: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xj5h-9cr5-23c5 github.com: https://github.com/FreeRDP/FreeRDP/blob/38514dfa5813aa945a86cfbcec279033f8394468/libfreerdp/codec/clear.c#L1139-L1145 github.com: https://github.com/FreeRDP/FreeRDP/releases/tag/3.21.0 access.redhat.com: https://access.redhat.com/security/cve/CVE-2026-23531 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2430887 security.access.redhat.com: https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-23531.json access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2714 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2952 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2222 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2081 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3039 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3038 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3036 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3041 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2770 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2824 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2736 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3037 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2048