Description
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the RDPGFX ClearCodec decode path when maliciously crafted residual data causes out-of-bounds writes during color output. A malicious server can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.
Published: 2026-01-19
Score: 7.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Client‑side heap buffer overflow leading to denial of service and potential code execution
Action: Immediate Patch
AI Analysis

Impact

FreeRDP, a free Remote Desktop Protocol implementation, has a heap‑buffer overflow in the ClearCodec decode path. A malicious RDP server can send specially crafted residual data that triggers out‑of‑bounds writes on the client’s heap. The overflow can cause the client to crash, producing a denial‑of‑service, and may corrupt heap metadata, creating an opportunity for an attacker to execute arbitrary code depending on the memory allocator and surrounding layout.

Affected Systems

This vulnerability affects all FreeRDP clients released prior to version 3.21.0. Any system running a legacy FreeRDP client within a remote desktop session is potentially exposed.

Risk and Exploitability

The CVSS score of 7.7 indicates a moderate‑high severity, while the EPSS score of less than 1% suggests a currently low exploitation probability. The vulnerability is not listed in CISA’s KEV catalog. The attack vector is remote; an attacker controls the RDP server and can send malicious packets to affect the client. The impact includes crash, denial of service, heap corruption, and potential remote code execution if heap exploitation succeeds.

Generated by OpenCVE AI on April 18, 2026 at 05:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade FreeRDP to version 3.21.0 or later, which contains the fix for the ClearCodec overflow.
  • If an immediate upgrade is not possible, limit client exposure by connecting only to trusted servers or by blocking unsolicited RDP traffic from untrusted networks.
  • Apply network segmentation or firewall rules to restrict inbound RDP connections to known, authorized hosts, reducing the attack surface while a patch is deployed.

Generated by OpenCVE AI on April 18, 2026 at 05:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Ubuntu USN Ubuntu USN USN-8004-2 FreeRDP regression
History

Wed, 28 Jan 2026 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H'}

 cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Tue, 20 Jan 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 20 Jan 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Freerdp
Freerdp freerdp
Vendors & Products Freerdp
Freerdp freerdp

Tue, 20 Jan 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H'}

threat_severity

Important

Mon, 19 Jan 2026 17:30:00 +0000

Type Values Removed Values Added
Description FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the RDPGFX ClearCodec decode path when maliciously crafted residual data causes out-of-bounds writes during color output. A malicious server can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.
Title FreeRDP has heap-buffer-overflow in clear_decompress_residual_data
Weaknesses CWE-122
References
Metrics cvssV4_0

{'score': 7.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Freerdp Freerdp
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-01-20T21:38:24.937Z

Reserved: 2026-01-13T18:22:43.981Z

Link: CVE-2026-23533

cve-icon Vulnrichment

Updated: 2026-01-20T21:38:21.337Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-19T18:16:05.170

Modified: 2026-01-28T18:46:17.950

Link: CVE-2026-23533

cve-icon Redhat

Severity : Important

Publid Date: 2026-01-19T17:07:18Z

Links: CVE-2026-23533 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T05:15:15Z

Weaknesses