Out-of-bounds read in FreeRDP - #VU137819
Published: July 16, 2026
FreeRDP
Detailed vulnerability description
The vulnerability allows an attacker with physical access to cause a denial of service.
The vulnerability exists due to an out-of-bounds heap read in the UVC H.264 extension-unit parser in the rdpecam V4L client path when processing a crafted USB video-control interface extra descriptor during camera stream setup. An attacker with physical access can provide a malicious USB camera with a short extension-unit descriptor to cause a denial of service.
User interaction is required to use the redirected camera, and the issue is triggered when a V4L camera stream is created.