vulnerability
Red Hat: CVE-2026-23530: freerdp: FreeRDP: Heap buffer overflow leading to denial of service and potential code execution from a malicious server. (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:M/Au:N/C:P/I:P/A:C) | Jan 19, 2026 | Feb 10, 2026 | Mar 27, 2026 |
Severity
8
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:C)
Published
Jan 19, 2026
Added
Feb 10, 2026
Modified
Mar 27, 2026
Description
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0,`freerdp_bitmap_decompress_planar` does not validate `nSrcWidth`/`nSrcHeight` against `planar->maxWidth`/`maxHeight` before RLE decode. A malicious server can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.
Solutions
redhat-upgrade-freerdpredhat-upgrade-freerdp-debuginforedhat-upgrade-freerdp-debugsourceredhat-upgrade-freerdp-develredhat-upgrade-freerdp-libsredhat-upgrade-freerdp-libs-debuginforedhat-upgrade-freerdp-serverredhat-upgrade-freerdp-server-debuginforedhat-upgrade-libwinprredhat-upgrade-libwinpr-debuginforedhat-upgrade-libwinpr-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.