Home / Vulnerability Intelligence / CVE-2026-31897

CVE-2026-31897 - Vulnerability Analysis

None

Last Updated: March 17, 2026

FreeRDP - Out of Bounds Read

Published: March 13, 2026Updated: March 17, 2026PoC AvailableRemote Exploitable

Overview

FreeRDP < 3.24.0 contains an out-of-bounds read caused by dereferencing a pointer without verifying SrcSize in freerdp_bitmap_decompress_planar, letting attackers cause a denial of service, exploit requires crafted input with SrcSize 0.

Severity & Score

Severity: None

Impact

Attackers can cause a denial of service by triggering out-of-bounds read, potentially crashing the application.

Mitigation

Upgrade to version 3.24.0 or later.

References

https://github.com/FreeRDP/FreeRDP/commit/cd27c8faca0eeb0d4309cc5837dfdf3c42eba4e7
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xgv6-r22m-7c9x

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-31897
Severity: None
Type: out_of_bounds_rw
Status: confirmed

CWE

CWE-125

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N