Bug 2499159 (CVE-2026-55827)
| Summary: | CVE-2026-55827 FreeRDP: FreeRDP: Remote code execution via heap out-of-bounds write in RemoteFX decoding | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | rhel-process-autobot, watson-tool-maintainers |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in FreeRDP. FreeRDP clients using the non-default /cache:codec:rfx option are vulnerable to a heap out-of-bounds write. A malicious Remote Desktop Protocol (RDP) server can exploit this by manipulating desktop stride and height values during RemoteFX decoding for Cache Bitmap V3 data. This can lead to arbitrary code execution on the client system.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2499223, 2499224, 2499227 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2026-07-10 20:01:59 UTC
|