PT-2026-57295 · Freerdp · Freerdp
Published
2026-07-10
·
Updated
2026-07-10
·
CVE-2026-57158
CVSS v4.0
5.1
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, FreeRDP clients using the GFX pipeline contain an incomplete fix for CVE-2026-23530 in planar decompress plane rle only in libfreerdp/codec/planar.c, allowing a malicious RDP server to send a truncated RDPGFX CMDID WIRETOSURFACE 1 planar payload that reads one byte past the input buffer. This issue is fixed in version 3.28.0.
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Freerdp