Volerion logoVolerion
Volerion logoVolerion

FreeRDP ClearCodec Client-Side Heap Buffer Overflow Vulnerability

Vulnerability

A client-side heap buffer overflow vulnerability has been identified in FreeRDP, a free implementation of the Remote Desktop Protocol. This issue occurs in the ClearCodec bands decode path, prior to version 3.21.0. The vulnerability is triggered when crafted band coordinates allow writes beyond the end of the destination surface buffer. A malicious server can exploit this flaw, leading to a crash and potential heap corruption, with a risk of code execution depending on the behavior of the memory allocator and the surrounding heap layout.

Impact

Exploitation of this vulnerability causes a crash and potential heap corruption, with a risk of code execution depending on allocator behavior and the surrounding heap layout.

Reproduction

The vulnerability can be reproduced by sending a `WIRE_TO_SURFACE_PDU_1` that includes crafted band coordinates. These coordinates should be designed to write past the end of the destination surface buffer, exploiting the inadequate bounds checking in the ClearCodec bands decode path.

Remediation

Users can upgrade to FreeRDP version 3.21.0 or later, where this vulnerability has been patched.

Added: Jan 19, 2026, 6:27 PM
Updated: Jan 19, 2026, 6:27 PM

Vulnerability Rating

Custom Algorithm
spread
5.4
impact
10.0
exploitability
5.0
remediation
7.7
relevance
2.1
threat
6.4
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.