CNNVD-202601-3018 Information
CNNVD ID
CNNVD-202601-3018
Related CVE
- CNNVD Published: 2026-01-19
Description (Chinese)
FreeRDP是FreeRDP团队的一款开源的远程桌面协议(RDP)的实现。 FreeRDP 3.21.0之前版本存在资源管理错误漏洞,该漏洞源于xf_Pointer_New函数在失败时释放cursorPixels,随后pointer_free再次调用xf_Pointer_Free并释放它,可能导致释放后重用,造成崩溃和潜在的堆损坏。
Description (English)
FreeRDP is an open-source remote desktop protocol (RDP) for the FreeRDP team. The previous version of FreeRDP 3.21.0 had a resource management error loophole that originated from the xf Pointer New function, which released cursorPixels when it failed, and then re-called and released xf Pointer Free, which could lead to reuse after release, causing collapse and potential pile damage.
Hazard Level
Medium
Vulnerability Type
资源管理错误
Affected Vendor
FreeRDP
Published
2026-01-19
Last Modified
2026-02-24
References
https://github.com/FreeRDP/FreeRDP/blob/3370e30e92a021eb680892dda14d642bc8b8727c/client/X11/xf_graphics.c#L312-L319 https://github.com/FreeRDP/FreeRDP/blob/3370e30e92a021eb680892dda14d642bc8b8727c/client/X11/xf_graphics.c#L340 https://github.com/FreeRDP/FreeRDP/blob/3370e30e92a021eb680892dda14d642bc8b8727c/libfreerdp/cache/pointer.c#L164-L174 https://github.com/FreeRDP/FreeRDP/releases/tag/3.21.0 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qcrr-85qx-4p6x https://access.redhat.com/security/cve/cve-2026-23883
Patch
https://github.com/FreeRDP/FreeRDP/releases
Share on: