PT-2026-25333 · Freerdp+1

Ehdgks0627 · Published 2026-01-01 · Updated 2026-05-12 · CVE-2026-29775

CVSS v3.1: 8.2 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Name of the Vulnerable Software and Affected Versions

FreeRDP versions prior to 3.24.0

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. A client-side heap out-of-bounds read/write issue exists in FreeRDP's bitmap cache subsystem. This is due to an incorrect boundary check in the bitmap cache put function when handling a CACHE BITMAP ORDER (Rev1) message with a cacheId equal to maxCells. This allows a malicious server to bypass security checks and access memory outside the allocated array.

Recommendations

Update to version 3.24.0 or later.
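
The boundary condition described above, as an added example that is not FreeRDP's code: a simplified model of a cell table with the index check written both ways. The struct and function names are hypothetical, and the exact form of the flawed comparison (`>` where `>=` is required) is an assumption consistent with the description.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical model of a bitmap cache cell table; not FreeRDP's real types. */
typedef struct { uint32_t number; void **entries; } cell_t;
typedef struct { uint32_t maxCells; cell_t *cells; } bitmap_cache_t;

/* Assumed shape of the flawed check: '>' accepts id == maxCells,
 * which would index one element past the end of cells[]. */
static int id_accepted_flawed(const bitmap_cache_t *c, uint32_t id)
{
    return !(id > c->maxCells);
}

/* Corrected check: valid ids are 0 .. maxCells - 1. */
static int id_accepted_fixed(const bitmap_cache_t *c, uint32_t id)
{
    return id < c->maxCells;
}

/* Hardened put: validate the cell id and the slot index before any access. */
static int cache_put(bitmap_cache_t *c, uint32_t id, uint32_t index, void *bmp)
{
    if (!c || !c->cells || !id_accepted_fixed(c, id))
        return 0;
    cell_t *cell = &c->cells[id];
    if (!cell->entries || index >= cell->number)
        return 0;
    cell->entries[index] = bmp;
    return 1;
}

/* Constructed 3-cell cache with 4 slots per cell; returns 1 when the
 * boundary values are rejected and the last valid slot is accepted. */
static int demo_boundary_rejected(void)
{
    void *slots[3][4] = { { 0 } };
    cell_t cells[3] = { { 4, slots[0] }, { 4, slots[1] }, { 4, slots[2] } };
    bitmap_cache_t cache = { 3, cells };
    int bmp = 0;
    return cache_put(&cache, 2, 3, &bmp) == 1    /* last valid cell and slot */
        && cache_put(&cache, 3, 0, &bmp) == 0    /* id == maxCells */
        && cache_put(&cache, 2, 4, &bmp) == 0;   /* index == number */
}

int main(void) { return demo_boundary_rejected() ? 0 : 1; }
```
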

Exploit

Fix

Heap Based Buffer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2026:16014
ALSA-2026:16019
ALSA-2026:16482
BDU:2026-04139
CVE-2026-29775
GHSA-H666-RFW3-JHVJ
OPENSUSE-SU-2026:10408-1
OPENSUSE-SU-2026:20657-1
SUSE-SU-2026:1632-1
SUSE-SU-2026:1633-1
SUSE-SU-2026:1634-1
SUSE-SU-2026:1635-1
SUSE-SU-2026:1640-1
SUSE-SU-2026:21436-1

Affected Products

Freerdp
Rocky Linux