CVE-2026-40033

Summary

FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdi_CacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16_MAX but performs copy operations using unclamped cache entry dimensions, enabling malicious RDP servers to trigger large out-of-bounds writes and potentially achieve remote code execution or client crash.

Affected Software

VendorProductVersion RangeStatus
FreeRDPFreeRDP0 < 3.26.0affected
FreeRDPFreeRDP3.26.0unaffected

Weaknesses

  • CWE-122: Heap-based Buffer Overflow

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

freerdp: FreeRDP: Remote code execution via heap-buffer-overflow in gdi_CacheToSurface

Additional References

References