CVE-2026-25959
EUVD-2026-873625.02.2026, 21:16
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_cliprdr_provide_data_` passes freed `pDstData` to `XChangeProperty` because the cliprdr channel thread calls `xf_cliprdr_server_format_data_response` which converts and uses the clipboard data without holding any lock, while the X11 event thread concurrently calls `xf_cliprdr_clear_cached_data` → `HashTable_Clear` which frees the same data via `xf_cached_data_free`, triggering a heap use after free. Version 3.23.0 fixes the issue.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| freerdp | freerdp | 𝑥 < 3.23.0 |
𝑥
= Vulnerable software versions
Debian Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| freerdp |
| ||||||||
| freerdp-devel |
| ||||||||
| freerdp-proxy |
| ||||||||
| freerdp-proxy-plugins |
| ||||||||
| freerdp-sdl |
| ||||||||
| freerdp-server |
| ||||||||
| libfreerdp-server-proxy3-3 |
| ||||||||
| libfreerdp3-3 |
| ||||||||
| librdtk0-0 |
| ||||||||
| libwinpr3-3 |
| ||||||||
| winpr-devel |
|
Common Weakness Enumeration
References