Out-of-bounds read in FreeRDP - #VU137827
Published: July 16, 2026
FreeRDP
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to an out-of-bounds read in the TSMF FFmpeg decoder path when parsing AVC1 MPEG2VIDEOINFO media types with short ExtraData. A remote attacker can send specially crafted server-controlled media format data to cause a denial of service.
Only deployments with the deprecated and optional TSMF feature and the FFmpeg decoder path available are vulnerable.