High severity8.8NVD Advisory· Published May 29, 2026· Updated Jun 1, 2026
CVE-2026-44421
CVE-2026-44421
Description
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdi_CacheToSurface: it validates a destination rectangle that is clamped to UINT16_MAX, but then performs the copy using the original cacheEntry->width/height. This can cause a large out-of-bounds heap write and may lead to client crashes or code execution. This bug is reachable from a malicious RDP server, but only when the client has RDPGFX enabled. This vulnerability is fixed in 3.26.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6- osv-coords3 versionspkg:rpm/opensuse/freerdp&distro=openSUSE%20Tumbleweedpkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
< 3.26.0-3.1+ 2 more
- (no CPE)range: < 3.26.0-3.1
- (no CPE)range: < 3.26.0-160000.1.1
- (no CPE)range: < 3.26.0-160000.1.1
Patches
Vulnerability mechanics
References
1- github.com/FreeRDP/FreeRDP/security/advisories/GHSA-p6r2-4hgm-m6ffnvdExploitMitigationVendor Advisory
News mentions
0No linked articles in our index yet.