PT-2026-57293 · Freerdp · Freerdp

Published

2026-07-10

·

Updated

2026-07-10

·

CVE-2026-57156

CVSS v4.0

8.6

High

VectorAV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0 on 32-bit builds, FreeRDP clients contain an integer overflow in update read delta points in libfreerdp/core/orders.c when multiplying an attacker-controlled point count by sizeof(DELTA POINT), allowing a malicious RDP peer to allocate an undersized heap buffer and then write beyond it during initialization. This issue is fixed in version 3.28.0.

Fix

Heap Based Buffer Overflow

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-57156

Affected Products

Freerdp