漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
FreeRDP planar_decompress_plane_rle_only: heap OOB read — incomplete fix for CVE-2026-23530
Vulnerability Description
FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, FreeRDP clients using the GFX pipeline contain an incomplete fix for CVE-2026-23530 in planar_decompress_plane_rle_only in libfreerdp/codec/planar.c, allowing a malicious RDP server to send a truncated RDPGFX_CMDID_WIRETOSURFACE_1 planar payload that reads one byte past the input buffer. This issue is fixed in version 3.28.0.
CVSS Information
N/A
Vulnerability Type
跨界内存读
Vulnerability Title
FreeRDP 缓冲区错误漏洞
Vulnerability Description
FreeRDP是FreeRDP团队开源的一款开源的远程桌面协议(RDP)的实现。 FreeRDP 3.21.0版本至3.28.0之前版本存在缓冲区错误漏洞,该漏洞源于planar_decompress_plane_rle_only函数中存在越界读取问题,可能导致恶意RDP服务器发送截断的RDPGFX_CMDID_WIRETOSURFACE_1 planar有效载荷,读取输入缓冲区之外的一个字节。
CVSS Information
N/A
Vulnerability Type
N/A