PT-2026-25341 · Freerdp+1 · Freerdp+1

Yjk0805

Publicado

2026-01-01

Atualizado

2026-06-15

CVE-2026-31897

CVSS v3.1

9.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.24.0

Description FreeRDP is a free implementation of the Remote Desktop Protocol. A flaw exists in the freerdp bitmap decompress planar function where an out-of-bounds read can occur when the SrcSize is 0. The function dereferences a pointer without verifying that SrcSize is greater than or equal to 1. When SrcSize is 0, reading from the source buffer can access memory beyond its boundaries.

Recommendations Update to version 3.24.0 or later.

Exploit

Correção

DoS

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

BDU:2026-04145

CVE-2026-31897

GHSA-XGV6-R22M-7C9X

OESA-2026-2439

OESA-2026-2440

OESA-2026-2441

OESA-2026-2442

OPENSUSE-SU-2026:10408-1

OPENSUSE-SU-2026:20657-1

SUSE-SU-2026:1632-1

SUSE-SU-2026:1633-1

SUSE-SU-2026:1634-1

SUSE-SU-2026:1635-1

SUSE-SU-2026:1640-1

SUSE-SU-2026:21436-1

Produtos afetados

Freerdp

Red Os

PT-2026-25341 · Freerdp+1 · Freerdp+1

CVE-2026-31897

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 56