
FreeRDP — Vulnerabilities & Security Advisories (142)

Browse all 142 CVE security advisories affecting FreeRDP. AI-powered Chinese analysis, POCs, and references for each vulnerability.

FreeRDP is an open-source Remote Desktop Protocol client and server implementation designed to facilitate cross-platform remote desktop connectivity. Its widespread adoption in enterprise and personal environments has made it a frequent target for security researchers, resulting in a significant number of recorded Common Vulnerabilities and Exposures. Historically, the codebase has been susceptible to critical remote code execution flaws, often stemming from improper input validation within the RDP protocol parsing logic. These vulnerabilities frequently allow attackers to execute arbitrary commands or escalate privileges on affected systems without user interaction. While the project maintains an active development cycle to patch these issues, the sheer volume of past incidents highlights the complexity of implementing secure network protocols. Continuous monitoring and timely updates remain essential for mitigating risks associated with its extensive feature set and legacy code dependencies.

Top products by FreeRDP: FreeRDP
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-40254 | FreeRDP: contains_dotdot() off-by-one allows drive channel path traversal via terminal .. | FreeRDP | CWE-193 | 4.2 | Medium | 2026-04-24 |
| CVE-2026-33995 | FreeRDP: Possible double free in kerberos_AcceptSecurityContext | FreeRDP | CWE-415 | 5.3 | Medium | 2026-03-30 |
| CVE-2026-33987 | FreeRDP: Persistent Cache bmpSize Desync - Heap OOB Write | FreeRDP | CWE-122 | 7.1 | High | 2026-03-30 |
| CVE-2026-33986 | FreeRDP: H.264 YUV Buffer Dimension Desync - Heap OOB Write | FreeRDP | CWE-122 | 7.5 | High | 2026-03-30 |
| CVE-2026-33985 | FreeRDP: ClearCodec Glyph Cache Count Desync - Heap OOB Read | FreeRDP | CWE-125 | 5.9 | Medium | 2026-03-30 |
| CVE-2026-33984 | FreeRDP: ClearCodec resize_vbar_entry() Heap OOB Write | FreeRDP | CWE-122 | 7.5 | High | 2026-03-30 |
| CVE-2026-33983 | FreeRDP: Progressive Codec Quant BYTE Underflow - UB + CPU DoS | FreeRDP | CWE-190 | 6.5 | Medium | 2026-03-30 |
| CVE-2026-33982 | FreeRDP: Persistent Cache Allocator Mismatch - Heap OOB Read | FreeRDP | CWE-125 | 7.1 | High | 2026-03-30 |
| CVE-2026-33952 | FreeRDP: DoS via WINPR_ASSERT in rts_read_auth_verifier_no_checks | FreeRDP | CWE-617 | 7.5 | - | 2026-03-30 |
| CVE-2026-33977 | FreeRDP: DoS via WINPR_ASSERT in IMA ADPCM audio decoder (dsp.c:331) | FreeRDP | CWE-617 | 7.5 | - | 2026-03-30 |
| CVE-2026-31897 | FreeRDP has an out-of-bounds read in `freerdp_bitmap_decompress_planar` | FreeRDP | CWE-125 | - | - | 2026-03-13 |
| CVE-2026-31806 | FreeRDP has a Heap Buffer Overflow in nsc_process_message() via Unchecked SURFACE_BITS_COMMAND Bitmap Dimensions | FreeRDP | CWE-122 | 9.1 | - | 2026-03-13 |
| CVE-2026-31885 | FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds checks | FreeRDP | CWE-125 | 6.5 | Medium | 2026-03-13 |
| CVE-2026-31884 | FreeRDP has a division-by-zero in ADPCM decoders when `nBlockAlign` is 0 | FreeRDP | CWE-369 | 6.5 | Medium | 2026-03-13 |
| CVE-2026-31883 | FreeRDP has a `size_t` underflow in ADPCM decoder leads to heap-buffer-overflow write | FreeRDP | CWE-191 | 6.5 | Medium | 2026-03-13 |
| CVE-2026-29776 | FreeRDP has an Integer Underflow in update_read_cache_bitmap_order Function of FreeRDP's Core Library | FreeRDP | CWE-190 | 3.1 | Low | 2026-03-13 |
| CVE-2026-29775 | FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId | FreeRDP | CWE-787 | 5.3 | Medium | 2026-03-13 |
| CVE-2026-29774 | FreeRDP has a heap-buffer-overflow in avc420_yuv_to_rgb via OOB regionRects | FreeRDP | CWE-787 | 5.3 | Medium | 2026-03-13 |
| CVE-2026-27951 | FreeRDP has possible Integer overflow in Stream_EnsureCapacity | FreeRDP | CWE-190 | 5.3 | Medium | 2026-02-25 |
| CVE-2026-27950 | FreeRDP heap-use-after-free in update_pointer_new(SDL): Fix Applied in the Wrong File | FreeRDP | CWE-416 | 9.8 (AI) | Critical (AI) | 2026-02-25 |
| CVE-2026-26986 | FreeRDP has heap-use-after-free in rail_window_free | FreeRDP | CWE-416 | 9.1 (AI) | Critical (AI) | 2026-02-25 |
| CVE-2026-26965 | FreeRDP has Out-of-bounds Write | FreeRDP | CWE-787 | 8.8 | High | 2026-02-25 |
| CVE-2026-26955 | FreeRDP has Out-of-bounds Write | FreeRDP | CWE-787 | 8.8 | High | 2026-02-25 |
| CVE-2026-27015 | FreeRDP: Smartcard NDR Alignment Padding Triggers Reachable WINPR_ASSERT Abort (Client DoS) | FreeRDP | CWE-617 | 7.5 (AI) | High (AI) | 2026-02-25 |
| CVE-2026-26271 | Buffer Overread in FreeRDP Icon Processing | FreeRDP | CWE-126 | 6.8 (AI) | Medium (AI) | 2026-02-25 |
| CVE-2026-25997 | FreeRDP has heap-use-after-free in xf_clipboard_format_equal | FreeRDP | CWE-416 | 9.8 (AI) | Critical (AI) | 2026-02-25 |
| CVE-2026-25959 | FreeRDP has heap-use-after-free in xf_cliprdr_provide_data_ | FreeRDP | CWE-416 | 9.1 (AI) | Critical (AI) | 2026-02-25 |
| CVE-2026-25955 | FreeRDP has heap-use-after-free in xf_AppUpdateWindowFromSurface (stale XImage) | FreeRDP | CWE-416 | 9.8 (AI) | Critical (AI) | 2026-02-25 |
| CVE-2026-25954 | FreeRDP has heap-use-after-free in xf_rail_server_local_move_size | FreeRDP | CWE-416 | 9.1 (AI) | Critical (AI) | 2026-02-25 |
| CVE-2026-25953 | FreeRDP has heap-use-after-free in xf_AppUpdateWindowFromSurface (freed appWindow) | FreeRDP | CWE-416 | 9.1 (AI) | Critical (AI) | 2026-02-25 |

This page lists every published CVE security advisory associated with FreeRDP. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.