Buffer overflow in FreeRDP

CVE-2026-31806

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, the gdi_surface_bits() function processes SURFACE_BITS_COMMAND messages sent by the RDP server. When the command is handled using NSCodec, the bmp.width and…

Vulnerability class: Buffer Overflow

EPSS: 0.000 (10.2th percentile)

Affected products

Weakness classification (CWE)

References