CVE-2026-25955
FreeRDP has heap-use-after-free in xf_AppUpdateWindowFromSurface (stale XImage)
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_AppUpdateWindowFromSurface` reuses a cached `XImage` whose `data` pointer references a freed RDPGFX surface buffer, because `gdi_DeleteSurface` frees `surface->data` without invalidating the `appWindow->image` that aliases it. Version 3.23.0 fixes the issue.
| CWE | CWE-416 |
| Vendor | freerdp |
| Product | freerdp |
| Published | Feb 25, 2026 |
| Last Updated | Feb 26, 2026 |
Stay Ahead of the Next One
Get instant alerts for freerdp freerdp
Be the first to know when new unknown vulnerabilities affecting freerdp freerdp are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
FreeRDP / FreeRDP
< 3.23.0
References
github.com: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4g54-x8v7-559x github.com: https://github.com/FreeRDP/FreeRDP/commit/169d358734509e82663a0d6a0085ae726d439d8e github.com: https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_window.c#L1484-L1492 github.com: https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_window.c#L1494-L1500 github.com: https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_window.c#L1528 github.com: https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/libfreerdp/gdi/gfx.c#L1224-L1227