CVE-2026-45700

9.8 CRITICAL

FreeRDP is a free implementation of the Remote Desktop Protocol

Published: 2026-05-29 · Last updated: 2026-06-01

Severity and scoring

CVSS: 9.8 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-787

Affected products

Vendor	Product
freerdp	freerdp

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's planar bitmap decoder has an out-of-bounds heap write when decoding RLE planar data. In libfreerdp/codec/planar.c, freerdp_bitmap_decompress_planar() validates the X destination coordinate nXDst against the caller-provided destination stride (nDstStep) even when it is writing into the internal temp buffer pTempData. An attacker can bypass the check with a large nDstStep and a large nXDst, causing planar_decompress_plane_rle() to write past the end of pTempData. This vulnerability is fixed in 3.26.0.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-45700
[Vendor advisory]https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mpxh-8fq3-x8mh
[Vendor advisory]https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mpxh-8fq3-x8mh

Related CVEs

Same vendor

CVE-2026-44422 — FreeRDP is a free implementation of the Remote Desktop Protocol (7.5 HIGH)
CVE-2026-44421 — FreeRDP is a free implementation of the Remote Desktop Protocol (8.8 HIGH)
CVE-2026-44420 — FreeRDP is a free implementation of the Remote Desktop Protocol (8.8 HIGH)
CVE-2026-40033 — FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdi_CacheToSurface that allows remote attackers to write out-of-bo... (8.8 HIGH)

Same CWE

CVE-2026-53465 — ImageMagick is free and open-source software used for editing and manipulating digital images (6.2 MEDIUM)
CVE-2026-53461 — ImageMagick is free and open-source software used for editing and manipulating digital images (7.5 HIGH)
CVE-2026-48724 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.5 MEDIUM)
CVE-2026-46559 — ImageMagick is free and open-source software used for editing and manipulating digital images (4.0 MEDIUM)
CVE-2026-46521 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.5 MEDIUM)