CVE-2026-45700
EUVD-2026-3343629.05.2026, 20:16
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's planar bitmap decoder has an out-of-bounds heap write when decoding RLE planar data. In libfreerdp/codec/planar.c, freerdp_bitmap_decompress_planar() validates the X destination coordinate nXDst against the caller-provided destination stride (nDstStep) even when it is writing into the internal temp buffer pTempData. An attacker can bypass the check with a large nDstStep and a large nXDst, causing planar_decompress_plane_rle() to write past the end of pTempData. This vulnerability is fixed in 3.26.0.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| freerdp | freerdp | 𝑥 < 3.26.0 |
𝑥
= Vulnerable software versions
Debian Releases
Red Hat Enterprise Linux Releases
Red Hat Product | |||||
|---|---|---|---|---|---|
| freerdp |
| ||||
| freerdp-devel |
| ||||
| freerdp-libs |
| ||||
| libwinpr |
| ||||
| libwinpr-devel |
|
Amazon Linux Releases
Amazon Package | |||||
|---|---|---|---|---|---|
| freerdp |
| ||||
| freerdp-debuginfo |
| ||||
| freerdp-debugsource |
| ||||
| freerdp-devel |
| ||||
| freerdp-libs |
| ||||
| freerdp-libs-debuginfo |
| ||||
| freerdp-server |
| ||||
| freerdp-server-debuginfo |
| ||||
| libwinpr |
| ||||
| libwinpr-debuginfo |
| ||||
| libwinpr-devel |
|
Common Weakness Enumeration
Vulnerability Media Exposure
References