PT-2026-3460 · Freerdp+3

Ehdgks0627 · Published 2026-01-01 · Updated 2026-04-07 · CVE-2026-23732 · CVSS v3.1 7.5 High
Vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 3.21.0
Description: The issue is a buffer overflow in the Glyph_Alloc() function of the FreeRDP Remote Desktop Protocol client. The FastGlyph parsing code trusts the cbData / remaining-length value and does not validate it against the minimum bitmap size implied by the glyph dimensions cx and cy, so a glyph record can declare dimensions larger than the bitmap data it actually carries. A remote attacker (a malicious or compromised RDP server that the client connects to) can send such a record to trigger a client-side global buffer overflow, resulting in a denial-of-service (DoS) condition. The vulnerability resides in how the client handles glyph data during FastGlyph parsing; the vulnerable parameter is cbData.
Recommendations: Versions prior to 3.21.0 should be updated to version 3.21.0 or later.
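The check that is missing in the description above, shown as an added example in C. This is not FreeRDP's code and does not reproduce the real Glyph_Alloc(); it is a self-contained parser for a FastGlyph-style record whose field layout (cacheIndex, x, y, cx, cy, then a 1 bpp bitmap) and byte-packed row size are assumptions stated in the comments. The vulnerable variant sizes the glyph buffer from cbData alone, so a later cx/cy-driven renderer would walk past the allocation; the hardened variant derives the minimum size from cx/cy and rejects the record first. The two records at the bottom are constructed test inputs, not captured traffic.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Assumed layout of one Fast Glyph record (the bytes covered by cbData):
 *   cacheIndex (1) | x (2, LE) | y (2, LE) | cx (2, LE) | cy (2, LE) | aj (variable, 1 bpp)
 * This is an illustration, not FreeRDP's parser. */
#define GLYPH_HDR_LEN 9

typedef struct {
    uint8_t  cacheIndex;
    int16_t  x, y;
    uint16_t cx, cy;
    size_t   cb;   /* number of bitmap bytes actually copied into aj */
    uint8_t *aj;   /* owned copy of the bitmap bytes */
} glyph_t;

static uint16_t rd16le(const uint8_t *p) { return (uint16_t)(p[0] | ((uint16_t)p[1] << 8)); }

/* Lower bound on the bitmap size a cx x cy 1 bpp glyph implies: ceil(cx/8) bytes per row.
 * Assumption: byte-packed rows. Real encoders may pad further; a lower bound is all the check needs. */
size_t glyph_min_bytes(uint32_t cx, uint32_t cy) {
    return (((size_t)cx + 7) / 8) * (size_t)cy;
}

static void parse_header(const uint8_t *d, glyph_t *g) {
    g->cacheIndex = d[0];
    g->x  = (int16_t)rd16le(d + 1);
    g->y  = (int16_t)rd16le(d + 3);
    g->cx = rd16le(d + 5);
    g->cy = rd16le(d + 7);
}

/* Vulnerable pattern: the only check is that the header fits in cbData. The buffer
 * is sized from cbData, while rendering is driven by cx/cy, so the two disagree. */
int parse_fast_glyph_vulnerable(const uint8_t *data, size_t cbData, glyph_t *g) {
    if (cbData < GLYPH_HDR_LEN) return -1;
    parse_header(data, g);
    g->cb = cbData - GLYPH_HDR_LEN;
    g->aj = malloc(g->cb ? g->cb : 1);
    if (!g->aj) return -1;
    memcpy(g->aj, data + GLYPH_HDR_LEN, g->cb);
    return 0;
}

/* Hardened pattern: compute the minimum size implied by cx/cy and reject the record
 * before anything is allocated or copied. */
int parse_fast_glyph_hardened(const uint8_t *data, size_t cbData, glyph_t *g) {
    if (cbData < GLYPH_HDR_LEN) return -1;
    parse_header(data, g);
    size_t avail = cbData - GLYPH_HDR_LEN;
    size_t need  = glyph_min_bytes(g->cx, g->cy);
    if (avail < need) return -2;   /* bitmap truncated relative to declared cx/cy */
    g->cb = avail;
    g->aj = malloc(g->cb ? g->cb : 1);
    if (!g->aj) return -1;
    memcpy(g->aj, data + GLYPH_HDR_LEN, g->cb);
    return 0;
}

/* 1 if a renderer that walks ceil(cx/8)*cy bytes of aj would read past the allocation. */
int glyph_render_overreads(const glyph_t *g) {
    return glyph_min_bytes(g->cx, g->cy) > g->cb;
}

/* Bounded stand-in for a renderer: counts set pixels (MSB-first bit order assumed)
 * and refuses to touch a glyph whose buffer is smaller than cx/cy imply. */
long glyph_count_set_pixels(const glyph_t *g) {
    if (glyph_render_overreads(g)) return -1;
    size_t stride = ((size_t)g->cx + 7) / 8;
    long n = 0;
    for (size_t row = 0; row < g->cy; row++)
        for (size_t px = 0; px < g->cx; px++)
            if (g->aj[row * stride + px / 8] & (uint8_t)(0x80u >> (px % 8))) n++;
    return n;
}

void glyph_free(glyph_t *g) { free(g->aj); g->aj = NULL; g->cb = 0; }

/* Constructed records (not captured traffic). */
/* Truncated: cx=16, cy=4 implies 8 bitmap bytes, only 2 are supplied. */
const uint8_t GLYPH_BAD[] = { 0x01, 0,0, 0,0, 16,0, 4,0, 0xFF, 0xFF };
/* Well-formed: cx=8, cy=2, rows 0xF0 and 0x0F -> 8 set pixels. */
const uint8_t GLYPH_OK[]  = { 0x02, 0,0, 0,0, 8,0, 2,0, 0xF0, 0x0F };

/* Scenario wrappers: each returns one checkable value. */
int vulnerable_accepts_truncated(void) {
    glyph_t g = {0};
    int over = parse_fast_glyph_vulnerable(GLYPH_BAD, sizeof GLYPH_BAD, &g) == 0 && glyph_render_overreads(&g);
    glyph_free(&g);
    return over;
}
int hardened_rejects_truncated(void) {
    glyph_t g = {0};
    int rc = parse_fast_glyph_hardened(GLYPH_BAD, sizeof GLYPH_BAD, &g);
    glyph_free(&g);
    return rc;
}
long hardened_valid_pixels(void) {
    glyph_t g = {0};
    long n = parse_fast_glyph_hardened(GLYPH_OK, sizeof GLYPH_OK, &g) == 0 ? glyph_count_set_pixels(&g) : -1;
    glyph_free(&g);
    return n;
}

int main(void) {
    printf("vulnerable parser accepts truncated glyph, renderer would overread: %d\n", vulnerable_accepts_truncated());
    printf("hardened parser return code for truncated glyph (-2 = rejected): %d\n", hardened_rejects_truncated());
    printf("hardened parser on valid glyph, set pixels: %ld\n", hardened_valid_pixels());
    return 0;
}
```

The point of the example is the mismatch between the two size sources: the allocation follows cbData while the consumer follows cx/cy. Any fix has to tie them together before the copy, either by rejecting the record (as here) or by clamping cx/cy to what the data can support; checking only that cbData fits in the stream, as the vulnerable variant does, is not enough.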

Exploit

Fix

DoS

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2026:6340
ALSA-2026:6799
ALSA-2026:6918
BDU:2026-00660
CVE-2026-23732
GHSA-7QXP-J2FJ-C3PP
MGASA-2026-0086
OESA-2026-1516
OESA-2026-1517
OESA-2026-1518
OESA-2026-1519
OESA-2026-1520
OESA-2026-1521
OPENSUSE-SU-2026:10107-1
OPENSUSE-SU-2026:10459-1
OPENSUSE-SU-2026:20339-1
OPENSUSE-SU-2026:20632-1
RHSA-2026:10076
RHSA-2026:10734
RHSA-2026:10735
RHSA-2026:10951
RHSA-2026:11323
RHSA-2026:6340
RHSA-2026:6727
RHSA-2026:6743
RHSA-2026:6799
RHSA-2026:6918
RHSA-2026:6958
RHSA-2026:9640
RHSA-2026:9641
SUSE-SU-2026:0345-1
SUSE-SU-2026:0656-1
SUSE-SU-2026:0683-1
SUSE-SU-2026:0761-1
SUSE-SU-2026:0762-1
USN-8105-1

Affected Products

Freerdp
Linuxmint
Rocky Linux
Ubuntu