CVE-2026-40033
EUVD-2026-3183026.05.2026, 15:16
FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdi_CacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16_MAX but performs copy operations using unclamped cache entry dimensions, enabling malicious RDP servers to trigger large out-of-bounds writes and potentially achieve remote code execution or client crash.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| freerdp | freerdp | 𝑥 < 3.26.0 |
𝑥
= Vulnerable software versions
Amazon Linux Releases
Amazon Package | |||||
|---|---|---|---|---|---|
| freerdp |
| ||||
| freerdp-debuginfo |
| ||||
| freerdp-debugsource |
| ||||
| freerdp-devel |
| ||||
| freerdp-libs |
| ||||
| freerdp-libs-debuginfo |
| ||||
| freerdp-server |
| ||||
| freerdp-server-debuginfo |
| ||||
| libwinpr |
| ||||
| libwinpr-debuginfo |
| ||||
| libwinpr-devel |
|
Common Weakness Enumeration
- CWE-122 - Heap-based Buffer OverflowA heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.
Vulnerability Media Exposure
References