VYPR
Vendor: Freerdp

Products: 1
CVEs: 172
Across products: 172
Status: Private

Recent CVEs (172)
  • CVE-2026-45700 | Critical | May 29, 2026
    risk 0.57 | cvss 9.8 | epss 0.01

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's planar bitmap decoder has an out-of-bounds heap write when decoding RLE planar data. In libfreerdp/codec/planar.c, freerdp_bitmap_decompress_planar() validates the X destination…

  • CVE-2017-2835 | High | Apr 24, 2018
    risk 0.53 | cvss 8.1 | epss 0.01

    An exploitable code execution vulnerability exists in the RDP receive functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in…

  • CVE-2026-44421 | High | May 29, 2026
    risk 0.50 | cvss 8.8 | epss 0.00

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdi_CacheToSurface: it validates a destination rectangle that is…

  • CVE-2026-44420 | High | May 29, 2026
    risk 0.50 | cvss 8.8 | epss 0.04

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU with a too-small capabilitySetLength. This can…

  • CVE-2026-40033 | High | May 26, 2026
    risk 0.50 | cvss 8.8 | epss 0.01

    FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdi_CacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16_MAX but performs copy operations using…

  • CVE-2017-2834 | High | Apr 24, 2018
    risk 0.46 | cvss 7.0 | epss 0.02

    An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man…

  • CVE-2026-44422 | High | May 29, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer ref-id for multiple logical pointer fields without tracking the pointed object's expected NDR type or ownership. When the same ref-id is…

  • CVE-2026-33986 | High | Mar 30, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in yuv_ensure_buffer() in libfreerdp/codec/h264.c, h264->width and h264->height are updated before the reallocation loop. If any winpr_aligned_recalloc() call fails, the function returns…

  • CVE-2026-33984 | High | Mar 30, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in resize_vbar_entry() in libfreerdp/codec/clear.c, vBarEntry->size is updated to vBarEntry->count before the winpr_aligned_recalloc() call. If realloc fails, size is inflated while pixels…

  • CVE-2013-4119 | High | Oct 3, 2016
    risk 0.42 | cvss 7.5 | epss 0.04

    FreeRDP before 1.1.0-beta+2013071101 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by disconnecting before authentication has finished.

  • CVE-2013-4118 | High | Oct 3, 2016
    risk 0.42 | cvss 7.5 | epss 0.04

    FreeRDP before 1.1.0-beta1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.

  • CVE-2026-33987 | High | Mar 30, 2026
    risk 0.39 | cvss 7.1 | epss 0.00

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in persistent_cache_read_entry_v3() in libfreerdp/cache/persistent.c, persistent->bmpSize is updated before winpr_aligned_recalloc(). If realloc fails, bmpSize is inflated while bmpData…

  • CVE-2026-33982 | High | Mar 30, 2026
    risk 0.39 | cvss 7.1 | epss 0.00

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, there is a heap-buffer-overflow READ vulnerability at 24 bytes before the allocation, in winpr_aligned_offset_recalloc(). This issue has been patched in version 3.24.2.

  • CVE-2017-2839 | Medium | Apr 24, 2018
    risk 0.38 | cvss 5.9 | epss 0.02

    An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server…

  • CVE-2017-2838 | Medium | Apr 24, 2018
    risk 0.38 | cvss 5.9 | epss 0.02

    An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server…

  • CVE-2017-2837 | Medium | Apr 24, 2018
    risk 0.38 | cvss 5.9 | epss 0.02

    An exploitable denial of service vulnerability exists within the handling of security data in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or…

  • CVE-2017-2836 | Medium | Apr 24, 2018
    risk 0.38 | cvss 5.9 | epss 0.01

    An exploitable denial of service vulnerability exists within the reading of proprietary server certificates in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can…

  • CVE-2026-33983 | Medium | Mar 30, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, progressive_decompress_tile_upgrade() detects a mismatch via progressive_rfx_quant_cmp_equal() but only emits WLog_WARN, execution continues. The wrapped value (247) is used as a shift…

  • CVE-2026-33977 | Medium | Mar 30, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP server can crash the FreeRDP client by sending audio data in IMA ADPCM format with an invalid initial step index value (>= 89). The unvalidated step index is read directly…

  • CVE-2026-33952 | Medium | Mar 30, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated auth_length field read from the network triggers a WINPR_ASSERT() failure in rts_read_auth_verifier_no_checks(), causing any FreeRDP client connecting through a malicious RDP…