VYPR

Freerdp

by Freerdp

Source repositories

CVEs (172)

  • CVE-2025-68118Dec 17, 2025
    risk 0.00cvss epss 0.00

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.0, a vulnerability exists in FreeRDP’s certificate handling code on Windows platforms. The function `freerdp_certificate_data_hash_ uses` the Microsoft-specific `_snprintf` function to…

  • CVE-2025-4478May 16, 2025
    risk 0.00cvss epss 0.00

    A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL…

  • CVE-2024-32662Apr 23, 2024
    risk 0.00cvss epss 0.01

    FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. This occurs when `WCHAR` string is read with twice the size it has and converted to `UTF-8`, `base64` decoded. The string is only…

  • CVE-2024-32661Apr 23, 2024
    risk 0.00cvss epss 0.01

    FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available.

  • CVE-2024-32660Apr 23, 2024
    risk 0.00cvss epss 0.01

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending invalid huge allocation size. Version 3.5.1 contains a patch for the issue. No known workarounds are available.

  • CVE-2024-32659Apr 23, 2024
    risk 0.00cvss epss 0.01

    FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version 3.5.1 contains a patch for the issue. No known workarounds are available.

  • CVE-2024-32658Apr 23, 2024
    risk 0.00cvss epss 0.01

    FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. Version 3.5.1 contains a patch for the issue. No known workarounds are available.

  • CVE-2024-32460Apr 22, 2024
    risk 0.00cvss epss 0.02

    FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based based clients using `/bpp:32` legacy `GDI` drawing path with a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a…

  • CVE-2024-32459Apr 22, 2024
    risk 0.00cvss epss 0.04

    FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available.

  • CVE-2024-32458Apr 22, 2024
    risk 0.00cvss epss 0.02

    FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use `/gfx` or `/rfx` modes (on by…

  • CVE-2024-32041Apr 22, 2024
    risk 0.00cvss epss 0.02

    FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, deactivate `/gfx` (on by default, set…

  • CVE-2024-32040Apr 22, 2024
    risk 0.00cvss epss 0.02

    FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and have connections to servers using the `NSC` codec are vulnerable to integer underflow. Versions 3.5.0 and 2.11.6 patch the issue. As…

  • CVE-2024-32039Apr 22, 2024
    risk 0.00cvss epss 0.02

    FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx`…

  • CVE-2024-22211Jan 19, 2024
    risk 0.00cvss epss 0.01

    FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow. This affects FreeRDP based clients. FreeRDP based server implementations and…

  • CVE-2023-40567Aug 31, 2023
    risk 0.00cvss epss 0.01

    FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function in which there is no offset validation. Abuse of this vulnerability may…

  • CVE-2023-40569Aug 31, 2023
    risk 0.00cvss epss 0.01

    FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `progressive_decompress` function. This issue is likely down to incorrect calculations of the `nXSrc` and…

  • CVE-2023-40574Aug 31, 2023
    risk 0.00cvss epss 0.01

    FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `writePixelBGRX` function. This issue is likely down to incorrect calculations of the `nHeight` and `srcStep`…

  • CVE-2023-40576Aug 31, 2023
    risk 0.00cvss epss 0.01

    FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `RleDecompress` function. This Out-Of-Bounds Read occurs because FreeRDP processes the `pbSrcBuffer` variable…

  • CVE-2023-40575Aug 31, 2023
    risk 0.00cvss epss 0.01

    FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_YUV444ToRGB_8u_P3AC4R_BGRX` function. This issue is likely down to insufficient data for the `pSrc`…

  • CVE-2023-40188Aug 31, 2023
    risk 0.00cvss epss 0.01

    FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_LumaToYUV444` function. This Out-Of-Bounds Read occurs because processing is done on the `in` variable…

Page 5 of 9