Buffer overflow in Neutrinolabs Xrdp

CVE-2026-35512

xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX (graphics dynamic virtual channel) implementation due to insufficient validation of client-controlled size parameters, allowing an out…

Vulnerability class: Buffer Overflow

EPSS: 0.006 (68.5th percentile)

Affected products

Weakness classification (CWE)

References