Out-of-bounds read in FreeRDP - CVE-2026-31897

Published: April 8, 2026


Vulnerability identifier: #VU125357
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-31897
CWE-ID: CWE-125
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: FreeRDP
Affected software:
FreeRDP

Detailed vulnerability description

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to a missing length check in freerdp_bitmap_decompress_planar: when a planar bitmap arrives with SrcSize set to 0, the decoder still reads from the source buffer, which results in an out-of-bounds read. A remote attacker acting as the RDP server can send a crafted RDPGFX Surface Command to a connecting client to disclose sensitive information (memory adjacent to the bitmap buffer).

User interaction is required, since the victim has to connect to the attacker-controlled or compromised server. The legacy Bitmap Update PDU path is not affected because it validates the bitmap length before calling the decoder; only the RDPGFX path reaches the decoder with the unvalidated size.
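The missing check described above, as an added C illustration that is not FreeRDP's code: a deliberately unchecked header read (the vulnerable pattern) beside a bounded-cursor decoder for raw, non-RLE planes (the hardened form). The function names, the 0xAA "stale neighbour" arena, and the 2x2 sample bitmap are constructed for this example; the format header bits follow the RDP 6.0 planar format in MS-RDPBCGR. The unchecked read is kept inside a larger arena so that the program itself has defined behaviour; in a real decoder the same read would run past the caller's buffer.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Format header bits of an RDP 6.0 planar bitmap (MS-RDPBCGR 2.2.9.1.1.3.1.2.3). */
#define PLANAR_HDR_CLL 0x07u /* colour loss level */
#define PLANAR_HDR_CS  0x08u /* chroma subsampling */
#define PLANAR_HDR_RLE 0x10u /* planes are run-length encoded */
#define PLANAR_HDR_NA  0x20u /* no alpha plane */

/* Bounded cursor: every read goes through planar_take(), which fails instead of
 * walking past SrcSize. */
typedef struct {
    const uint8_t* p;
    size_t remaining;
} planar_cursor_t;

static bool planar_take(planar_cursor_t* c, size_t n, const uint8_t** out)
{
    if (n > c->remaining) /* also rejects SrcSize == 0 on the very first byte */
        return false;
    *out = c->p;
    c->p += n;
    c->remaining -= n;
    return true;
}

/* VULNERABLE PATTERN (illustration only): the format header byte is read before
 * anything checks that SrcSize covers it. With SrcSize == 0 the read lands one
 * byte past what the caller declared. Returns the byte that was read. */
static int planar_header_unchecked(const uint8_t* pSrc, uint32_t SrcSize)
{
    (void)SrcSize; /* never consulted: this is the bug */
    return pSrc[0];
}

/* HARDENED (hypothetical helper): decode the format header and, for raw planes,
 * verify that SrcSize really covers width*height bytes per plane before copying.
 * Returns the number of planes decoded, or 0 on truncation or unsupported input.
 * RLE and chroma-subsampled planes are rejected here; they need the same bounded
 * cursor applied per run. */
static uint32_t planar_decode_raw_checked(const uint8_t* pSrc, uint32_t SrcSize,
                                          uint32_t width, uint32_t height,
                                          uint8_t* dst, size_t dstSize)
{
    planar_cursor_t c = { pSrc, SrcSize };
    const uint8_t* hdr;
    if (!planar_take(&c, 1, &hdr))
        return 0;
    if (*hdr & (PLANAR_HDR_RLE | PLANAR_HDR_CS))
        return 0;
    uint32_t planes = (*hdr & PLANAR_HDR_NA) ? 3 : 4;
    uint64_t planeBytes = (uint64_t)width * height;
    if (planeBytes == 0 || planeBytes > SIZE_MAX / planes)
        return 0;
    if (planes * planeBytes > dstSize)
        return 0;
    for (uint32_t i = 0; i < planes; i++) {
        const uint8_t* plane;
        if (!planar_take(&c, (size_t)planeBytes, &plane))
            return 0;
        memcpy(dst + i * planeBytes, plane, (size_t)planeBytes);
    }
    return planes;
}

/* Constructed sample (not a capture): 2x2 bitmap, NA bit set, three raw planes
 * of 4 bytes each, 13 bytes total. */
static const uint8_t kSample[13] = { 0x20, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 };

/* Simulates the SrcSize == 0 case: the caller declares zero bytes, but memory
 * after the declared region holds "stale" data (0xAA). The unchecked decoder
 * returns that byte; a real decoder would leak it into the rendered surface. */
static int demo_zero_srcsize(void)
{
    uint8_t arena[16];
    memset(arena, 0xAA, sizeof arena);
    return planar_header_unchecked(arena, 0);
}

int main(void)
{
    uint8_t dst[16];
    printf("unchecked read, SrcSize=0: 0x%02x (byte past declared length)\n", demo_zero_srcsize());
    printf("checked decode, SrcSize=0:  %u planes\n", planar_decode_raw_checked(kSample, 0, 2, 2, dst, sizeof dst));
    printf("checked decode, SrcSize=12: %u planes (truncated)\n", planar_decode_raw_checked(kSample, 12, 2, 2, dst, sizeof dst));
    printf("checked decode, SrcSize=13: %u planes\n", planar_decode_raw_checked(kSample, 13, 2, 2, dst, sizeof dst));
    return 0;
}
```

The point of the bounded cursor is that the decoder no longer depends on its caller having validated the length: the Bitmap Update PDU path happens to check, the RDPGFX path does not, and a decoder that checks every read itself is safe from either entry point.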


How to mitigate CVE-2026-31897

Install the security update from the vendor's website. Until the client is updated, avoid connecting to untrusted RDP servers, since the attacker needs the victim to connect to a server they control.

Sources