CVE-2026-23533

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the RDPGFX ClearCodec decode path when maliciously crafted residual data causes out-of-bounds writes during color output. A malicious server can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/FreeRDP/FreeRDP/blob/38514dfa5813aa945a86cfbcec279033f8394468/libfreerdp/codec/clear.c#L268-L281	Product
https://github.com/FreeRDP/FreeRDP/blob/38514dfa5813aa945a86cfbcec279033f8394468/libfreerdp/codec/clear.c#L336	Product
https://github.com/FreeRDP/FreeRDP/releases/tag/3.21.0	Release Notes
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-32q9-m5qr-9j2v	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*

History

17 Jun 2026, 10:21

Type	Values Removed	Values Added
Summary		(es) FreeRDP es una implementación gratuita del Protocolo de Escritorio Remoto. Antes de la versión 3.21.0, se produce un desbordamiento de búfer de montón del lado del cliente en la ruta de decodificación RDPGFX ClearCodec cuando datos residuales creados maliciosamente causan escrituras fuera de límites durante la salida de color. Un servidor malicioso puede desencadenar un desbordamiento de búfer de montón del lado del cliente, causando un fallo (DoS) y una posible corrupción del montón con riesgo de ejecución de código dependiendo del comportamiento del asignador y del diseño del montón circundante. La versión 3.21.0 contiene un parche para el problema.

28 Jan 2026, 18:46

Type	Values Removed	Values Added
CPE		cpe:2.3:a:freerdp:freerdp::::::::
First Time		Freerdp Freerdp freerdp
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
References	~~() https://github.com/FreeRDP/FreeRDP/blob/38514dfa5813aa945a86cfbcec279033f8394468/libfreerdp/codec/clear.c#L268-L281 -~~	() https://github.com/FreeRDP/FreeRDP/blob/38514dfa5813aa945a86cfbcec279033f8394468/libfreerdp/codec/clear.c#L268-L281 - Product
References	~~() https://github.com/FreeRDP/FreeRDP/blob/38514dfa5813aa945a86cfbcec279033f8394468/libfreerdp/codec/clear.c#L336 -~~	() https://github.com/FreeRDP/FreeRDP/blob/38514dfa5813aa945a86cfbcec279033f8394468/libfreerdp/codec/clear.c#L336 - Product
References	~~() https://github.com/FreeRDP/FreeRDP/releases/tag/3.21.0 -~~	() https://github.com/FreeRDP/FreeRDP/releases/tag/3.21.0 - Release Notes
References	~~() https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-32q9-m5qr-9j2v -~~	() https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-32q9-m5qr-9j2v - Exploit, Vendor Advisory

19 Jan 2026, 18:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-19 18:16

Updated : 2026-06-17 10:21

NVD link : CVE-2026-23533

Mitre link : CVE-2026-23533

CVE.ORG link : CVE-2026-23533

JSON object : View

Products Affected

freerdp

freerdp

CWE

CWE-122

Heap-based Buffer Overflow

9.8 /10