CVE-2026-57158 PUBLISHED

FreeRDP planar_decompress_plane_rle_only: heap OOB read — incomplete fix for CVE-2026-23530

Assigner: GitHub_M
Reserved: 24.06.2026 Published: 10.07.2026 Updated: 10.07.2026

FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, FreeRDP clients using the GFX pipeline contain an incomplete fix for CVE-2026-23530 in planar_decompress_plane_rle_only in libfreerdp/codec/planar.c, allowing a malicious RDP server to send a truncated RDPGFX_CMDID_WIRETOSURFACE_1 planar payload that reads one byte past the input buffer. This issue is fixed in version 3.28.0.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
CVSS Score: 5.1

Product Status

Vendor FreeRDP
Product FreeRDP
Versions
  • Version >= 3.21.0, < 3.28.0 is affected

References

Problem Types

  • CWE-125: Out-of-bounds Read CWE