CVE-2026-23732
Unknown Unknown - Not Provided
Buffer Overflow in FreeRDP FastGlyph Parsing Causes DoS

Publication date: 2026-01-19

Last updated on: 2026-01-19

Assigner: GitHub, Inc.

Description
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, FastGlyph parsing trusts `cbData`/remaining length and never validates against the minimum size implied by `cx/cy`. A malicious server can trigger a client‑side global buffer overflow, causing a crash (DoS). Version 3.21.0 contains a patch for the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-19
Last Modified
2026-01-19
Generated
2026-06-16
AI Q&A
2026-01-19
EPSS Evaluated
2026-06-14
NVD
CVE-2026-23732
EUVD
EUVD-2026-3313
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
freerdp freerdp to 3.21.0 (exc)
freerdp freerdp 3.21.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a heap-based buffer overflow in FreeRDP versions prior to 3.21.0. It occurs during FastGlyph parsing where the code trusts the cbData field (remaining data length) without validating it against the minimum size required by the glyph dimensions (cx and cy). Specifically, the Glyph_Alloc function allocates memory based on an unvalidated cbData value and copies glyph data without consistency checks. This can cause the client to read beyond the allocated buffer, leading to a heap buffer overflow. A malicious RDP server can exploit this by sending crafted glyph data, causing the client application to crash (denial of service). The issue was fixed in version 3.21.0 by adding proper validation of glyph data size before allocation and copying. [4]

Impact Analysis

A malicious Remote Desktop Protocol (RDP) server can exploit this vulnerability by sending specially crafted glyph data to a FreeRDP client. This triggers a heap buffer overflow on the client side, which can cause the client application to crash, resulting in a denial of service (DoS). This means that users relying on FreeRDP to connect to RDP servers could experience unexpected application crashes and loss of remote desktop connectivity. [4]

Detection Guidance

This vulnerability can be detected by monitoring for crashes or denial of service events in FreeRDP clients prior to version 3.21.0 when connecting to potentially malicious RDP servers. Since the issue involves heap buffer overflow triggered by malformed FastGlyph data, one could use debugging tools like AddressSanitizer or memory error detectors to identify out-of-bounds reads in the freerdp_glyph_convert function. However, no specific network detection commands or signatures are provided in the resources. Monitoring logs for client crashes or unusual RDP session terminations may help detect exploitation attempts. [4]

Mitigation Strategies

The immediate mitigation step is to upgrade FreeRDP to version 3.21.0 or later, where the vulnerability has been patched by adding proper validation of glyph data size against expected dimensions before memory allocation and copying. Until the upgrade can be applied, avoid connecting to untrusted or potentially malicious RDP servers to reduce the risk of exploitation. [4]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23732. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart