Unrated severity · NVD Advisory · Published Mar 13, 2026 · Updated Mar 16, 2026
FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId
CVE-2026-29775
Description
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap out-of-bounds read/write occurs in FreeRDP's bitmap cache subsystem due to an off-by-one boundary check in bitmap_cache_put. A malicious server can send a CACHE_BITMAP_ORDER (Rev1) with cacheId equal to maxCells, bypassing the guard and accessing cells[] one element past the allocated array. This vulnerability is fixed in 3.24.0.
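The off-by-one described above, shown on a simplified model as an added example. This is not FreeRDP's source: the struct layout, the function names and the slot-index check are assumptions made for illustration. A guard that rejects only cacheId > maxCells lets cacheId == maxCells through, while a strict comparison does not.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified model of a cell-indexed cache; every name here is hypothetical. */
#define SLOTS 4
typedef struct { void *entries[SLOTS]; } model_cell;
typedef struct { uint32_t maxCells; model_cell *cells; } model_cache;
typedef bool (*guard_fn)(const model_cache *, uint32_t);

/* Off-by-one guard of the kind the advisory describes: only id > maxCells is rejected. */
static bool guard_off_by_one(const model_cache *c, uint32_t id) { return id <= c->maxCells; }
/* Strict guard: the valid cell ids are 0 .. maxCells - 1. */
static bool guard_strict(const model_cache *c, uint32_t id) { return id < c->maxCells; }

static model_cache *model_cache_new(uint32_t maxCells) {
    model_cache *c = calloc(1, sizeof(*c));
    if (!c) return NULL;
    c->cells = calloc(maxCells, sizeof(model_cell));   /* cells[0 .. maxCells-1] */
    if (!c->cells) { free(c); return NULL; }
    c->maxCells = maxCells;
    return c;
}
static void model_cache_free(model_cache *c) { if (c) { free(c->cells); free(c); } }

/* Store only when the cell id and the slot index are both in range. */
static bool model_put(model_cache *c, uint32_t id, uint32_t index, void *bitmap) {
    if (!c || !guard_strict(c, id) || index >= SLOTS) return false;
    c->cells[id].entries[index] = bitmap;
    return true;
}

/* Boundary probe: first id >= maxCells that a guard lets through, or -1.
   It only evaluates the guard and never touches cells[]. */
static int64_t first_oob_accepted(const model_cache *c, guard_fn g) {
    for (uint32_t id = c->maxCells; id <= c->maxCells + 2; id++)
        if (g(c, id)) return (int64_t)id;
    return -1;
}

int main(void) {
    int bitmap = 0;                        /* constructed stand-in for a bitmap */
    model_cache *c = model_cache_new(5);
    if (!c) return 1;
    printf("off-by-one lets through: %lld, strict: %lld, put(4): %d, put(5): %d\n",
           (long long)first_oob_accepted(c, guard_off_by_one),
           (long long)first_oob_accepted(c, guard_strict),
           model_put(c, 4, 0, &bitmap), model_put(c, 5, 0, &bitmap));
    model_cache_free(c);
    return 0;
}
```

The probe is the kind of boundary regression check that catches this class of bug: it exercises the guard at exactly maxCells, the one value an id > maxCells comparison misses.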
References
- github.com/FreeRDP/FreeRDP/commit/ffad58fd2b329efd81a3239e9d7e3c927b8e503f (mitre, x_refsource_MISC)
- github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h666-rfw3-jhvj (mitre, x_refsource_CONFIRM)