PT-2026-57295 · Freerdp · Freerdp

Published

2026-07-10

·

Updated

2026-07-10

·

CVE-2026-57158

CVSS v4.0

5.1

Medium

VectorAV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, FreeRDP clients using the GFX pipeline contain an incomplete fix for CVE-2026-23530 in planar decompress plane rle only in libfreerdp/codec/planar.c, allowing a malicious RDP server to send a truncated RDPGFX CMDID WIRETOSURFACE 1 planar payload that reads one byte past the input buffer. This issue is fixed in version 3.28.0.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-57158

Affected Products

Freerdp