CVE-2026-26271 – Buffer Overread in FreeRDP Icon Processing

CVE ID : CVE-2026-26271

Published : Feb. 25, 2026, 8:40 p.m. | 28 minutes ago

Description : FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a buffer overread in `freerdp_image_copy_from_icon_data()` (libfreerdp/codec/color.c) can be triggered by crafted RDP Window Icon (TS_ICON_INFO) data. The bug is reachable over the network when a client processes icon data from an RDP server (or from a man-in-the-middle). Version 3.23.0 fixes the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-25997 – FreeRDP has heap-use-after-free in xf_clipboard_format_equal

CVE-2026-25959 – FreeRDP has heap-use-after-free in xf_cliprdr_provide_data_

CVE-2026-0542 – Remote Code Execution in ServiceNow AI Platform

CVE-2026-25955 – FreeRDP has heap-use-after-free in xf_AppUpdateWindowFromSurface (stale XImage)