CVE-2026-45700

Name
CVE-2026-45700
Description
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's planar bitmap decoder has an out-of-bounds heap write when decoding RLE planar data. In libfreerdp/codec/planar.c, freerdp_bitmap_decompress_planar() validates the X destination coordinate nXDst against the caller-provided destination stride (nDstStep) even when it is writing into the internal temp buffer pTempData. An attacker can bypass the check with a large nDstStep and a large nXDst, causing planar_decompress_plane_rle() to write past the end of pTempData. This vulnerability is fixed in 3.26.0.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
security-advisories@github.com https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mpxh-8fq3-x8mh

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:* freerdp >= None < 3.26.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
freerdp edge-community 3.25.0-r0 Lindsay Zhou <i@lin.moe> possibly vulnerable
freerdp edge-community 3.24.2-r0 Lindsay Zhou <i@lin.moe> possibly vulnerable
freerdp edge-community 3.24.1-r0 Lindsay Zhou <i@lin.moe> possibly vulnerable
freerdp edge-community 3.24.0-r0 Lindsay Zhou <i@lin.moe> possibly vulnerable
freerdp edge-community 3.23.0-r0 Lindsay Zhou <i@lin.moe> possibly vulnerable
freerdp edge-community 3.22.0-r0 Lindsay Zhou <i@lin.moe> possibly vulnerable
freerdp edge-community 3.21.0-r0 Lindsay Zhou <i@lin.moe> possibly vulnerable
freerdp edge-community 3.20.2-r0 Lindsay Zhou <i@lin.moe> possibly vulnerable
freerdp edge-community 3.20.0-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
freerdp edge-community 3.20.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
freerdp edge-community 3.18.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
freerdp edge-community 3.16.0-r3 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
freerdp edge-community 3.16.0-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
freerdp edge-community 3.16.0-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
freerdp edge-community 3.16.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
freerdp edge-community 3.15.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
freerdp edge-community 3.14.1-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
freerdp edge-community 3.10.3-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
freerdp edge-community 3.10.3-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
freerdp edge-community 3.10.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
freerdp edge-community 2.11.7-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
freerdp edge-community 2.11.5-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
freerdp edge-community 2.9.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
freerdp edge-community 2.4.1-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
freerdp edge-community 2.2.0-r0 None possibly vulnerable
freerdp edge-community 2.1.2-r0 None possibly vulnerable
freerdp edge-community 2.0.0_rc4-r0 None possibly vulnerable
freerdp edge-community 2.0.0-r1 None possibly vulnerable
freerdp edge-community 2.0.0-r0 None possibly vulnerable
freerdp 3.23-community 3.24.2-r0 Lindsay Zhou <i@lin.moe> possibly vulnerable
freerdp 3.23-community 3.24.0-r0 Lindsay Zhou <i@lin.moe> possibly vulnerable
freerdp 3.23-community 3.23.0-r0 Lindsay Zhou <i@lin.moe> possibly vulnerable
freerdp 3.23-community 3.22.0-r0 Lindsay Zhou <i@lin.moe> possibly vulnerable
freerdp 3.23-community 3.18.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable