Main Vulnerability Database Vulnerabilities #VU134735

Out-of-bounds write in FreeRDP - #VU134735

Published: June 17, 2026

Vulnerability identifier: #VU134735

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: N/A

CWE-ID: CWE-787

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: FreeRDP

Affected software:
FreeRDP

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to out-of-bounds write in FreeRDP RemoteFX (RFX) Cache Bitmap V3 decode in gdi_Bitmap_Decompress when processing a Cache Bitmap V3 secondary drawing order from an RDP server with codecID=0x03. A remote attacker can send a specially crafted RDP response to execute arbitrary code.

User interaction is required because the victim must connect to the malicious or compromised RDP server. The issue is reachable only after connection is established and only when the non-default /cache:codec:rfx client flag is enabled.

Remediation

Install security update from vendor's website.

Sources

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c495-h83v-3prp

Out-of-bounds write in FreeRDP - #VU134735

Detailed vulnerability description

Remediation

Sources

Please verify you're human