Out-of-bounds read in FreeRDP - CVE-2026-57158
Published: July 6, 2026
FreeRDP
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to out-of-bounds read in planar_decompress_plane_rle_only when processing a truncated RLE planar payload in RDPGFX_CMDID_WIRETOSURFACE_1. A remote attacker can send a specially crafted WireToSurface packet with codecId=PLANAR and a payload truncated by 1 byte to cause a denial of service.
No user interaction beyond connecting to the server is required.