CVE-2026-45700

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.26.0

Description The planar bitmap decoder contains an out-of-bounds heap write when decoding RLE planar data. In the libfreerdp/codec/planar.c file, the freerdp bitmap decompress planar() function validates the X destination coordinate nXDst against the caller-provided destination stride nDstStep while writing into the internal temporary buffer pTempData. An attacker can bypass this check by using a large nDstStep and a large nXDst, which causes the planar decompress plane rle() function to write past the end of pTempData.

Recommendations Update to version 3.26.0.