FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, FreeRDP clients using the GFX pipeline contain an incomplete fix for CVE-2026-23530 in planar_decompress_plane_rle_only in libfreerdp/codec/planar.c, allowing a malicious RDP server to send a truncated RDPGFX_CMDID_WIRETOSURFACE_1 planar payload that reads one byte past the input buffer. This issue is fixed in version 3.28.0.
Metrics
Affected Vendors & Products
References
History
Fri, 10 Jul 2026 22:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Freerdp
Freerdp freerdp |
|
| Vendors & Products |
Freerdp
Freerdp freerdp |
Fri, 10 Jul 2026 20:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, FreeRDP clients using the GFX pipeline contain an incomplete fix for CVE-2026-23530 in planar_decompress_plane_rle_only in libfreerdp/codec/planar.c, allowing a malicious RDP server to send a truncated RDPGFX_CMDID_WIRETOSURFACE_1 planar payload that reads one byte past the input buffer. This issue is fixed in version 3.28.0. | |
| Title | FreeRDP planar_decompress_plane_rle_only: heap OOB read — incomplete fix for CVE-2026-23530 | |
| Weaknesses | CWE-125 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-10T19:49:03.646Z
Reserved: 2026-06-24T01:45:48.698Z
Link: CVE-2026-57158
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-10T21:45:16Z