VYPR
Unrated severityNVD Advisory· Published Feb 25, 2026· Updated Feb 26, 2026

Buffer Overread in FreeRDP Icon Processing

CVE-2026-26271

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a buffer overread in freerdp_image_copy_from_icon_data() (libfreerdp/codec/color.c) can be triggered by crafted RDP Window Icon (TS_ICON_INFO) data. The bug is reachable over the network when a client processes icon data from an RDP server (or from a man-in-the-middle). Version 3.23.0 fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

11

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.