CVE-2026-31897 (CRITICAL, CVSS 9.1; EPSS percentile 20.0%)

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in freerdp_bitmap_decompress_planar when SrcSize is 0. The function dereferences *srcp (which points to pSrcData) without first verifying that SrcSize >= 1. When SrcSize is 0 and pSrcData is non-NULL, this reads one byte past the end of the source buffer. This vulnerability is fixed in 3.24.0.
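The defect the advisory describes is a length check missing before the very first read of attacker-controlled bitmap data. The following is an added example, not FreeRDP's code and not the fix commit: a minimal C model of the first read a planar decoder performs (the one-byte format header), written once in the unchecked "before" shape the advisory describes and once with a remaining-length check, plus a constructed memory arena that makes the SrcSize == 0 over-read observable without undefined behaviour. The names pSrcData, SrcSize and srcp come from the advisory; the struct, the read_u8 helper, the header bit positions and the demo functions are this example's assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of the planar format header byte (not FreeRDP's
 * struct). Bit positions assumed here: cll bits 0-2, cs bit 3, rle bit 4,
 * na bit 5, following the MS-RDPEGDI planar header as modelled in this example. */
struct planar_header {
    uint8_t color_loss_level;   /* cll */
    bool    chroma_subsampling; /* cs  */
    bool    rle;                /* rle */
    bool    no_alpha;           /* na  */
};

static void unpack_format_byte(uint8_t fmt, struct planar_header *out)
{
    out->color_loss_level   = (uint8_t)(fmt & 0x07);
    out->chroma_subsampling = (fmt & 0x08) != 0;
    out->rle                = (fmt & 0x10) != 0;
    out->no_alpha           = (fmt & 0x20) != 0;
}

/* 'Before' shape of the defect: srcp is dereferenced without consulting
 * SrcSize, so SrcSize == 0 with a non-NULL pSrcData reads one byte past the
 * end of the source buffer (CWE-125). Kept only to show the pattern. */
bool planar_header_unchecked(const uint8_t *pSrcData, size_t SrcSize,
                             struct planar_header *out)
{
    const uint8_t *srcp = pSrcData;
    (void)SrcSize;              /* never checked: this is the bug */
    unpack_format_byte(*srcp, out);
    return true;
}

/* Bounds-checked one-byte read: the general shape of the fix. Every read
 * from a network-supplied buffer goes through a helper that tracks how many
 * bytes remain and refuses to advance past them. */
static bool read_u8(const uint8_t **srcp, size_t *remaining, uint8_t *out)
{
    if (*remaining < 1)
        return false;
    *out = **srcp;
    (*srcp)++;
    (*remaining)--;
    return true;
}

/* 'After' shape: reject NULL or empty input before touching memory. */
bool planar_header_checked(const uint8_t *pSrcData, size_t SrcSize,
                           struct planar_header *out)
{
    const uint8_t *srcp = pSrcData;
    size_t remaining = SrcSize;
    uint8_t fmt;

    if (!pSrcData || !out)
        return false;
    if (!read_u8(&srcp, &remaining, &fmt))   /* fails when SrcSize == 0 */
        return false;
    unpack_format_byte(fmt, out);
    return true;
}

/* Normal path on a constructed 1-byte header: returns cll (3) or -1. */
int demo_checked_decode(void)
{
    const uint8_t sample[] = { 0x13 };  /* constructed: cll=3, rle set */
    struct planar_header h = { 0 };
    if (!planar_header_checked(sample, sizeof sample, &h))
        return -1;
    return h.color_loss_level;
}

/* Makes the over-read observable safely: the zero-length source buffer sits
 * at arena + 3, so the byte the unchecked decoder reads is the first byte
 * past that empty buffer (still inside the arena, so no UB here). Returns 1
 * if the unchecked path reported flags taken from that neighbouring byte. */
int demo_zero_size_overread(void)
{
    uint8_t arena[4] = { 0x00, 0x00, 0x00, 0x10 };  /* constructed memory */
    const uint8_t *pSrcData = arena + 3;            /* empty buffer */
    struct planar_header h = { 0 };

    if (planar_header_checked(pSrcData, 0, &h))
        return 0;                     /* hardened path must reject this */
    planar_header_unchecked(pSrcData, 0, &h);
    return h.rle ? 1 : 0;             /* 1: flag came from outside the buffer */
}

int main(void)
{
    printf("checked decode of 1-byte header: cll=%d\n", demo_checked_decode());
    printf("unchecked decode with SrcSize=0 read past end: %d\n",
           demo_zero_size_overread());
    return 0;
}
```

The demo deliberately keeps the stray read inside a larger stack array so it runs cleanly; the point is that the decoder's output depended on memory outside the buffer it was handed. In a real decoder every later plane read needs the same remaining-length discipline, since a header byte that passes the check says nothing about how many bytes follow it.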

Scoring

CVSS 3.1: 9.1 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS: 0.29% probability of exploitation · percentile 20.0% · 2026-06-18T12:00:27Z
Published: 2026-03-13
Last modified: 2026-03-17

Underlying weaknesses (1)

CWE-125 (Out-of-bounds Read)

References

  1. https://github.com/FreeRDP/FreeRDP/commit/cd27c8faca0eeb0d4309cc5837dfdf3c42eba4e7
  2. https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xgv6-r22m-7c9x

Type      Target                        Confidence  Tier
Weakness  Out-of-bounds Read (cwe-125)  0%          live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-29775
  2. CVE-2026-31885
  3. CVE-2026-23530
  4. CVE-2026-24677
  5. CVE-2026-23531
  6. CVE-2026-31806
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.