CNNVD-202602-1322 Information

CNNVD ID

CNNVD-202602-1322

CVE-2026-24677

  • CNNVD Published: 2026-02-09

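Description (translated from Chinese)

FreeRDP is an open-source implementation of the Remote Desktop Protocol (RDP) from the FreeRDP team. Versions of FreeRDP before 3.22.0 contain a resource management error vulnerability. It arises because ecam_encoder_compress_h264 trusts server-controlled dimensions and does not validate the source buffer size, which may lead to an out-of-bounds read.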

Description (English)

FreeRDP is an open-source implementation of the Remote Desktop Protocol (RDP) by the FreeRDP team. FreeRDP versions prior to 3.22.0 have a resource management error vulnerability: ecam_encoder_compress_h264 trusts dimensions controlled by the server and does not verify the size of the source buffer, which could lead to an out-of-bounds read.

Vulnerability Type

Resource Management Error

Affected Vendor

FreeRDP

Published

2026-02-09

Last Modified

2026-02-24

References

  • https://github.com/FreeRDP/FreeRDP/commit/d2d4f449312ddafd4a4c6c8a4f856c7f0d44a3b5
  • https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xw37-j744-f8v7

Patch

https://github.com/FreeRDP/FreeRDP/releases
