HIGH
FreeRDP
CVE published 2026-05-26
CVE-2026-40033
A heap-buffer-overflow vulnerability exists in FreeRDP versions prior to 3.26.0 within the gdi_CacheToSurface function. The flaw stems from a validation logic error: rectangle coordinates are clamped to UINT16_MAX during bounds checking, but subsequent copy operations use unclamped cache entry dimensions. This discrepancy allows a malicious RDP server to trigger out-of-bounds heap writes, potentially lead [truncated]
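Added illustration of the mismatch the advisory describes (this is constructed example code, not FreeRDP's own gdi_CacheToSurface; the struct layouts, the clamp16 helper and all function names are assumptions). The vulnerable check builds the destination rectangle from coordinates saturated at UINT16_MAX, so a placement whose true right edge lies past the surface still passes when the surface is exactly 65535 pixels wide, while the copy loop runs over the unclamped cache-entry width. The hardened check validates, in 64-bit arithmetic, the same unclamped dimensions the copy will use.

```c
/* Constructed model of the clamp-then-copy mismatch. Added example, not
 * FreeRDP code: types, field names and helper names are assumptions. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    uint32_t width, height;   /* pixels */
    uint32_t bpp;             /* bytes per pixel */
    uint8_t *data;            /* width * height * bpp bytes */
} surface_t;

typedef struct {
    uint32_t width, height;   /* server-controlled cache entry dimensions */
    uint32_t bpp;
    const uint8_t *data;
} cache_entry_t;

/* Saturating clamp to the range of a 16-bit rectangle coordinate. */
static uint16_t clamp16(uint32_t v) {
    return v > UINT16_MAX ? UINT16_MAX : (uint16_t)v;
}

/* Vulnerable pattern: the destination rectangle is built from clamped
 * coordinates, so the check can never see an extent past UINT16_MAX. */
bool vuln_dest_ok(const surface_t *s, const cache_entry_t *e, uint32_t x, uint32_t y) {
    uint16_t right  = clamp16(x + e->width);
    uint16_t bottom = clamp16(y + e->height);
    return right <= s->width && bottom <= s->height;
}

/* Hardened pattern: check the unclamped extents in 64-bit arithmetic, on
 * exactly the dimensions the copy loop below will use. */
bool fixed_dest_ok(const surface_t *s, const cache_entry_t *e, uint32_t x, uint32_t y) {
    if (e->bpp != s->bpp || e->width == 0 || e->height == 0) return false;
    uint64_t right  = (uint64_t)x + e->width;
    uint64_t bottom = (uint64_t)y + e->height;
    return right <= s->width && bottom <= s->height;
}

/* Bytes the copy would write past the end of the surface buffer if it ran
 * with the unclamped dimensions anyway; 0 means the copy stays in bounds. */
uint64_t overrun_bytes(const surface_t *s, const cache_entry_t *e, uint32_t x, uint32_t y) {
    uint64_t buf = (uint64_t)s->width * s->height * s->bpp;
    uint64_t last_row = (uint64_t)y + e->height - 1;   /* height >= 1 assumed */
    uint64_t end = (last_row * s->width + (uint64_t)x + e->width) * s->bpp;
    return end > buf ? end - buf : 0;
}

/* Copies rows only after the hardened check passes; returns rows copied. */
uint32_t cache_to_surface(surface_t *s, const cache_entry_t *e, uint32_t x, uint32_t y) {
    if (!fixed_dest_ok(s, e, x, y)) return 0;
    size_t row_bytes = (size_t)e->width * e->bpp;
    for (uint32_t r = 0; r < e->height; r++) {
        uint8_t *dst = s->data + ((size_t)(y + r) * s->width + x) * s->bpp;
        memcpy(dst, e->data + (size_t)r * row_bytes, row_bytes);
    }
    return e->height;
}

/* Demo: a 65535-pixel-wide, 1-row surface and a 16-pixel-wide cache entry
 * placed so that x + width saturates at UINT16_MAX and slips past the
 * clamped check while the real extent is 11 pixels past the buffer end. */
int main(void) {
    static uint8_t surf_buf[65535u * 4];   /* constructed: 65535 x 1 @ 4 bpp */
    static uint8_t entry_buf[16 * 4];
    surface_t s = { 65535, 1, 4, surf_buf };
    cache_entry_t e = { 16, 1, 4, entry_buf };
    uint32_t x = 65530;                    /* x + 16 = 65546 > 65535 */
    printf("clamped check accepts:   %d\n", vuln_dest_ok(&s, &e, x, 0));
    printf("unclamped check accepts: %d\n", fixed_dest_ok(&s, &e, x, 0));
    printf("bytes past end if copied anyway: %llu\n",
           (unsigned long long)overrun_bytes(&s, &e, x, 0));
    return 0;
}
```

The general lesson for reviewing this class of fix: a bounds check must be computed from the same values, in the same width, that the subsequent memcpy uses; any clamp, truncation or narrowing cast between the check and the copy is a gap the peer can steer into. Per the advisory, the corrected release is FreeRDP 3.26.0.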