CVE-2026-29776

LOW EPSS 7.1%
Published Mar 13, 20263mo ago · Modified Mar 17, 20263mo ago
3.1 CVSS 3.1
Low
Find Similar
Published Mar 13, 2026 3mo ago
Last Modified Mar 17, 2026 3mo ago

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, Integer Underflow in update_read_cache_bitmap_order Function of FreeRDP's Core Library This vulnerability is fixed in 3.24.0.

CVSS Details

Base Score
3.1
Exploitability
1.6
Impact
1.4
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality None
Integrity None
Availability Low

Threat Intelligence

EPSS Exploit Probability
7.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 4

CWE-190 Integer Overflow or Wraparound Numeric Error
CWE-191
CWE-400 Uncontrolled Resource Consumption Resource Mgmt
CWE-789

Affected Products 1

VendorProductVersionRange
freerdpfreerdp* <3.24.0

References 2

  • github.com https://github.com/FreeRDP/FreeRDP/commit/a9e0abf2eac8c2e370fa155bf1abb9d044c0ca8a
    Patch
  • github.com https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c747-x4wf-cqrr
    PatchVendor Advisory

Remediation

  • github.com https://github.com/FreeRDP/FreeRDP/commit/a9e0abf2eac8c2e370fa155bf1abb9d044c0ca8a
    Patch
  • github.com https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c747-x4wf-cqrr
    PatchVendor Advisory