CNNVD-202601-3021 Information

CNNVD ID

CNNVD-202601-3021

CVE-2026-23732

  • CNNVD Published: 2026-01-19

Description

FreeRDP is an open-source implementation of the Remote Desktop Protocol (RDP) developed by the FreeRDP team. Versions of FreeRDP before 3.21.0 contain a vulnerability in which FastGlyph parsing trusts cbData and does not validate a minimum size based on cx and cy, which can lead to a global buffer overflow and, in turn, a crash.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

FreeRDP

Published

2026-01-19

Last Modified

2026-02-24

References

  • https://github.com/FreeRDP/FreeRDP/blob/f96ee2a6dd02739325c2a4e36a14978b561f00ea/libfreerdp/cache/glyph.c#L463-L480
  • https://github.com/FreeRDP/FreeRDP/blob/f96ee2a6dd02739325c2a4e36a14978b561f00ea/libfreerdp/codec/color.c#L261-L277
  • https://github.com/FreeRDP/FreeRDP/blob/f96ee2a6dd02739325c2a4e36a14978b561f00ea/libfreerdp/core/graphics.c#L138
  • https://github.com/FreeRDP/FreeRDP/blob/f96ee2a6dd02739325c2a4e36a14978b561f00ea/libfreerdp/core/orders.c#L2186C17-L2199
  • https://github.com/FreeRDP/FreeRDP/releases/tag/3.21.0
  • https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7qxp-j2fj-c3pp
  • https://access.redhat.com/security/cve/cve-2026-23732

Patch

https://github.com/FreeRDP/FreeRDP/releases
