Heap Buffer Overflow in FreeRDP Client Affecting Remote Desktop Functionality
CVE-2026-29774

5.3MEDIUM

Key Information:

Vendor: Freerdp
Status: Freerdp
Vendor: CVE Published:; 13 March 2026

What is CVE-2026-29774?

The FreeRDP client, prior to version 3.24.0, is susceptible to a client-side heap buffer overflow in its AVC420/AVC444 YUV-to-RGB conversion process. This issue stems from insufficient validation of the horizontal bounds in the H.264 metablock regionRects coordinates. When processing a maliciously crafted packet that exceeds surface dimensions, unchecked pointer arithmetic can lead to the writing of data beyond allocated memory, potentially allowing an attacker to execute arbitrary code. The vulnerability has been addressed in version 3.24.0.

Affected Version(s)

FreeRDP < 3.24.0

References

https://github.com/FreeRDP/FreeRDP/security/advisories/GH...

x_refsource_CONFIRM

https://github.com/FreeRDP/FreeRDP/commit/6482b7a92fff395...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 13, 2026
Vulnerability Reserved
Mar 4, 2026

CVE-2026-29774 Data

JSON

Freerdp

What is CVE-2026-29774?

Affected Version(s)

References

CVSS V3.1

Timeline