2447380 – (CVE-2026-31897) CVE-2026-31897 freerdp: FreeRDP has an out-of-bounds read in `freerdp_bitmap_decompress_planar`

Bug 2447380 (CVE-2026-31897) - CVE-2026-31897 freerdp: FreeRDP has an out-of-bounds read in `freerdp_bitmap_decompress_planar`

Summary: CVE-2026-31897 freerdp: FreeRDP has an out-of-bounds read in `freerdp_bitmap_...

Keywords:
Status:	NEW
Alias:	CVE-2026-31897
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2447425 2447429 2447417
Blocks:
TreeView+	depends on / blocked

Reported:	2026-03-13 18:04 UTC by OSIDB Bzimport
Modified:	2026-03-13 19:46 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-03-13 18:04:17 UTC

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in freerdp_bitmap_decompress_planar when SrcSize is 0. The function dereferences *srcp (which points to pSrcData) without first verifying that SrcSize >= 1. When SrcSize is 0 and pSrcData is non-NULL, this reads one byte past the end of the source buffer. This vulnerability is fixed in 3.24.0.

Note You need to log in before you can comment on or make changes to this bug.