Out-of-bounds read in FreeRDP - #VU137844

 

Out-of-bounds read in FreeRDP - #VU137844

Published: July 16, 2026


Vulnerability identifier: #VU137844
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-125
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: FreeRDP
Affected software:
FreeRDP

Detailed vulnerability description

The vulnerability allows a remote attacker to cause a denial of service and disclose sensitive information.

The vulnerability exists due to out-of-bounds read in the RDP6 planar bitmap RLE decoder functions planar_decompress_plane_rle() and planar_decompress_plane_rle_only() when parsing a truncated planar-encoded bitmap or surface update from an RDP server. A remote attacker can send a specially crafted planar-encoded update to cause a denial of service and disclose sensitive information.

User interaction is required because a client must connect to a malicious or compromised RDP server, and the issue is reachable through both the classic bitmap update PDU path and the RDPGFX surface command path.


Remediation

Install security update from vendor's website.

Sources