Out-of-bounds read in FreeRDP - #VU137839
Published: July 16, 2026
FreeRDP
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service or disclose sensitive information.
The vulnerability exists due to an out-of-bounds read in the async update message proxy for PolygonCB orders when processing crafted primary drawing orders from a malicious RDP server with AsyncUpdate enabled. A remote attacker can send a specially crafted PolygonCB update order to cause a denial of service or disclose sensitive information.
The issue affects the client side and requires AsyncUpdate to be enabled.