CVE-2026-25955 – FreeRDP has heap-use-after-free in xf_AppUpdateWindowFromSurface (stale XImage)

CVE ID : CVE-2026-25955

Published : Feb. 25, 2026, 8:32 p.m. | 36 minutes ago

Description : FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_AppUpdateWindowFromSurface` reuses a cached `XImage` whose `data` pointer references a freed RDPGFX surface buffer, because `gdi_DeleteSurface` frees `surface->data` without invalidating the `appWindow->image` that aliases it. Version 3.23.0 fixes the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-26271 – Buffer Overread in FreeRDP Icon Processing

CVE-2026-25997 – FreeRDP has heap-use-after-free in xf_clipboard_format_equal

CVE-2026-25959 – FreeRDP has heap-use-after-free in xf_cliprdr_provide_data_

CVE-2026-0542 – Remote Code Execution in ServiceNow AI Platform