CVE-2026-23530
Heap Buffer Overflow in FreeRDP Bitmap Decompression Causes DoS
Publication date: 2026-01-19
Last updated on: 2026-01-19
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| freerdp | freerdp | up to and including 3.20.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-23530 is a heap-based buffer overflow in FreeRDP's planar bitmap decompression. The function freerdp_bitmap_decompress_planar does not validate the source width and height against the maximum allowed dimensions before the Run-Length Encoding (RLE) decompression step, so a malicious server can make the client write past the end of a heap-allocated buffer. The result is a client crash and, depending on memory allocator behaviour and heap layout, potentially arbitrary code execution. FreeRDP versions up to and including 3.20.2 are affected; the issue was fixed in 3.21.0. [2]
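As an added illustration (this is not FreeRDP's code, and the toy encoding is not the RDP planar codec), the C program below contrasts the unchecked pattern described above with a dimension check performed before any decoding. The plane layout, the MAX_PLANE_* limits, the <run, value> RLE format, the constructed SAMPLE_RLE bytes and every function name are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical bounds standing in for the "maximum allowed dimensions" in the
 * advisory; the real FreeRDP limits are not quoted on this page. */
#define MAX_PLANE_WIDTH  8192u
#define MAX_PLANE_HEIGHT 8192u

/* A heap-allocated 8-bit plane, sized by the *destination* dimensions. */
struct plane {
    uint32_t width, height;
    uint8_t *pixels;                     /* width * height bytes */
};

static struct plane *plane_alloc(uint32_t width, uint32_t height)
{
    struct plane *p = calloc(1, sizeof(*p));
    if (!p)
        return NULL;
    p->width = width;
    p->height = height;
    p->pixels = calloc((size_t)width * height, 1);
    if (!p->pixels) {
        free(p);
        return NULL;
    }
    return p;
}

static void plane_free(struct plane *p)
{
    if (p)
        free(p->pixels);
    free(p);
}

/* Toy run-length decoder (assumed format: <run, value> byte pairs). It fills
 * width * height bytes of dst and trusts the dimensions it is handed, which
 * is exactly why the caller must validate them first. Returns bytes written,
 * 0 on malformed input. */
static size_t rle_decode_plane(const uint8_t *src, size_t srcLen,
                               uint8_t *dst, uint32_t width, uint32_t height)
{
    size_t total = (size_t)width * height, written = 0, i = 0;

    while (written < total) {
        if (i + 2 > srcLen)
            return 0;                    /* truncated stream */
        uint8_t run = src[i], value = src[i + 1];
        i += 2;
        if (run == 0 || run > total - written)
            return 0;                    /* run would overshoot the plane */
        memset(dst + written, value, run);
        written += run;
    }
    return written;
}

/* Vulnerable pattern: decode using attacker-supplied *source* dimensions into
 * a buffer sized from the *destination* dimensions. When srcWidth * srcHeight
 * exceeds dst->width * dst->height the memset runs past the allocation. */
static bool decompress_unchecked(struct plane *dst, const uint8_t *src,
                                 size_t srcLen, uint32_t srcWidth, uint32_t srcHeight)
{
    return rle_decode_plane(src, srcLen, dst->pixels, srcWidth, srcHeight) != 0;
}

/* Hardened pattern: bound each dimension first (so the later product cannot
 * wrap), then refuse anything larger than the destination actually holds. */
static bool planar_dimensions_ok(const struct plane *dst,
                                 uint32_t srcWidth, uint32_t srcHeight)
{
    if (srcWidth == 0 || srcHeight == 0)
        return false;
    if (srcWidth > MAX_PLANE_WIDTH || srcHeight > MAX_PLANE_HEIGHT)
        return false;
    return srcWidth <= dst->width && srcHeight <= dst->height;
}

static bool decompress_checked(struct plane *dst, const uint8_t *src,
                               size_t srcLen, uint32_t srcWidth, uint32_t srcHeight)
{
    if (!planar_dimensions_ok(dst, srcWidth, srcHeight))
        return false;                    /* rejected before any write */
    return rle_decode_plane(src, srcLen, dst->pixels, srcWidth, srcHeight) != 0;
}

/* Constructed sample: a 4x2 plane encoded as two runs of four bytes. */
static const uint8_t SAMPLE_RLE[] = { 4, 0xAA, 4, 0x55 };

/* True when both decoders handle the benign sample and the checked path
 * refuses oversized, zero-sized and truncated input without touching memory. */
static bool demo(void)
{
    struct plane *p = plane_alloc(4, 2);
    if (!p)
        return false;
    bool ok = decompress_unchecked(p, SAMPLE_RLE, sizeof SAMPLE_RLE, 4, 2)
           && p->pixels[3] == 0xAA && p->pixels[4] == 0x55
           && decompress_checked(p, SAMPLE_RLE, sizeof SAMPLE_RLE, 4, 2)
           && p->pixels[0] == 0xAA && p->pixels[7] == 0x55
           && !decompress_checked(p, SAMPLE_RLE, sizeof SAMPLE_RLE, 8192, 8192)
           && !decompress_checked(p, SAMPLE_RLE, sizeof SAMPLE_RLE, 5, 2)
           && !decompress_checked(p, SAMPLE_RLE, sizeof SAMPLE_RLE, 4, 0)
           && !decompress_checked(p, SAMPLE_RLE, 2, 4, 2);
    plane_free(p);
    return ok;
}

int main(void)
{
    return demo() ? 0 : 1;
}
```

The unchecked variant is never called with oversized dimensions in demo, because doing so is undefined behaviour; under AddressSanitizer that call is what would report a heap-buffer-overflow. The order of the checks in planar_dimensions_ok matters: capping each dimension individually before comparing against the destination is what keeps a width * height product from wrapping on 32-bit builds.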
How can this vulnerability impact me?
A malicious server can exploit this vulnerability to crash the client, a Denial of Service (DoS). Because the overflow corrupts the heap, it may also let the attacker execute arbitrary code on the client system, depending on memory allocator behaviour and heap layout. The risks are therefore service disruption and potential compromise of the affected client. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Monitor FreeRDP clients for crashes or abnormal terminations during RDP sessions, especially when they connect to untrusted or potentially malicious servers. In a test build, AddressSanitizer or a similar memory-error detector will flag the heap buffer overflow in planar_decompress_plane_rle when the client is fed oversized planar bitmaps. On the network, CreateSurface commands whose width and height far exceed typical desktop sizes are a possible indicator of exploitation attempts. The resources do not provide specific commands. [2]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation is to upgrade FreeRDP to version 3.21.0 or later, where the vulnerability is patched. Until the update is applied, avoid connecting to untrusted RDP servers. The resources mention no other mitigation commands or workarounds. [2]