🔐 CVE Alert

CVE-2026-23532

HIGH 7.6

FreeRDP has heap-buffer-overflow in gdi_SurfaceToSurface

CVSS Score: 7.6
EPSS Score: 0.0%
EPSS Percentile: 0th

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the FreeRDP client’s `gdi_SurfaceToSurface` path due to a mismatch between destination rectangle clamping and the actual copy size. A malicious server can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.
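To make the bug class concrete, here is an added example (constructed for this page, not FreeRDP's code or types): a small surface-copy model in which the destination rectangle is clamped to the target surface, but the "mismatched" variant still sizes the copy from the unclamped source rectangle, so the clamp never shrinks the write. The names `surface_t`, `rect_t`, `copy_extent`, `copy_fits` and `bounded_copy` and the 8x8 sample surfaces are all assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Constructed model, not FreeRDP's types: a surface is width x height 32-bit pixels;
 * a rect's right/bottom edges are exclusive. */
typedef struct { uint32_t width, height; uint32_t *pixels; } surface_t;
typedef struct { uint32_t left, top, right, bottom; } rect_t;
typedef struct { uint32_t w, h; } extent_t;

/* Constructed sample surfaces: an 8x8 source and an 8x8 destination. */
static uint32_t src_pixels[8 * 8], dst_pixels[8 * 8];
surface_t sample_src = { 8, 8, src_pixels };
surface_t sample_dst = { 8, 8, dst_pixels };

/* Extent a copy loop would use when source rect 'sr' lands at (dx, dy) on 'dst'.
 * mismatched = true models the bug class in the advisory: the destination rect is clamped,
 *   but the copy size still comes from the unclamped source rect, so the clamp changes nothing.
 * mismatched = false derives the copy size from the clamped rect (the safe pattern). */
extent_t copy_extent(rect_t sr, const surface_t *dst, uint32_t dx, uint32_t dy, bool mismatched)
{
    if (sr.right < sr.left || sr.bottom < sr.top || dx > dst->width || dy > dst->height)
        return (extent_t){ 0, 0 };
    uint32_t sw = sr.right - sr.left, sh = sr.bottom - sr.top;
    /* Clamp [dx, dx+sw) x [dy, dy+sh) to the surface; 64-bit math avoids wraparound. */
    uint64_t right  = (uint64_t)dx + sw < dst->width  ? (uint64_t)dx + sw : dst->width;
    uint64_t bottom = (uint64_t)dy + sh < dst->height ? (uint64_t)dy + sh : dst->height;
    if (mismatched) return (extent_t){ sw, sh };                          /* ignores the clamp */
    return (extent_t){ (uint32_t)(right - dx), (uint32_t)(bottom - dy) }; /* honours the clamp */
}

/* The bound that must hold for whatever extent is finally handed to the copy loop. */
bool copy_fits(const surface_t *dst, uint32_t dx, uint32_t dy, uint32_t w, uint32_t h)
{
    return dx <= dst->width && dy <= dst->height && w <= dst->width - dx && h <= dst->height - dy;
}

/* Bounded copy: checks the source rect and the derived destination extent before writing.
 * Returns the number of pixels copied, 0 if the request was rejected. */
size_t bounded_copy(const surface_t *src, rect_t sr, surface_t *dst, uint32_t dx, uint32_t dy)
{
    extent_t e = copy_extent(sr, dst, dx, dy, false);
    if (sr.right > src->width || sr.bottom > src->height || !copy_fits(dst, dx, dy, e.w, e.h))
        return 0;
    for (uint32_t y = 0; y < e.h; y++)
        memcpy(&dst->pixels[(size_t)(dy + y) * dst->width + dx],
               &src->pixels[(size_t)(sr.top + y) * src->width + sr.left], (size_t)e.w * sizeof(uint32_t));
    return (size_t)e.w * e.h;
}
```

For a 6x6 source rect placed at (4, 4) on an 8x8 destination, the mismatched extent is still 6x6 and fails `copy_fits`, while the clamp-derived extent is 4x4 and passes; the review question for any such path is whether the value fed to the copy loop is the one that was bounds-checked.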

CWE: CWE-122
Vendor: freerdp
Product: freerdp
Published: Jan 19, 2026
Last Updated: Jun 30, 2026

Affected Versions

FreeRDP / FreeRDP: < 3.21.0

References

github.com: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fq8c-87hj-7gvr
github.com: https://github.com/FreeRDP/FreeRDP/blob/38514dfa5813aa945a86cfbcec279033f8394468/libfreerdp/gdi/gfx.c#L1368-L1382
github.com: https://github.com/FreeRDP/FreeRDP/releases/tag/3.21.0
access.redhat.com: https://access.redhat.com/security/cve/CVE-2026-23532
bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2430891
security.access.redhat.com: https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-23532.json
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2714
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2952
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2222
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2081
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3039
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3038
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3036
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3041
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2770
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2824
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2736
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3037
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2048