CVE-2026-25941
- Source
- https://cve.org/CVERecord?id=CVE-2026-25941
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25941.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-25941
- Aliases
-
- GHSA-3546-x645-5cf8
- Downstream
- Related
- Published
- 2026-02-25T19:55:24.984Z
- Modified
- 2026-04-02T13:18:55.516084Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- FreeRDP: vuln_1_15_1 RDPGFX WIRE_TO_SURFACE_2 Out-of-Bounds Read
- Details
-
FreeRDP is a free implementation of the Remote Desktop Protocol. Versions on the 2.x branch prior to to 2.11.8 and on the 3.x branch prior to 3.23.0 have an out-of-bounds read vulnerability in the FreeRDP client's RDPGFX channel that allows a malicious RDP server to read uninitialized heap memory by sending a crafted WIRETOSURFACE_2 PDU with a
bitmapDataLengthvalue larger than the actual data in the packet. This can lead to information disclosure or client crashes when a user connects to a malicious server. Versions 2.11.8 and 3.23.0 fix the issue. - Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25941.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-125", "CWE-20" ] }- References
Affected packages
Git / github.com/freerdp/freerdp
Affected ranges
Affected versions
2.*
2.0.0
2.1.0
2.1.1
2.1.2
2.10.0
2.11.0
2.11.1
2.11.2
2.11.3
2.11.4
2.11.5
2.11.6
2.11.7
2.2.0
2.3.0
2.3.1
2.3.2
2.4.1
2.5.0
2.6.0
2.6.1
2.7.0
2.8.0
2.8.1
2.9.0
3.*
3.0.0
3.0.0-beta1
3.0.0-beta2
3.0.0-beta3
3.0.0-beta4
3.0.0-rc0
3.1.0
3.10.0
3.10.1
3.10.2
3.10.3
3.11.0
3.11.1
3.12.0
3.13.0
3.14.0
3.14.1
3.15.0
3.16.0
3.17.0
3.17.1
3.17.2
3.18.0
3.19.0
3.19.1
3.2.0
3.20.0
3.20.1
3.20.2
3.21.0
3.22.0
3.23.0
3.24.0
3.24.1
3.3.0
3.4.0
3.5.0
3.5.1
3.6.0
3.6.1
3.6.2
3.6.3
3.7.0
3.9.0