#VU125357 Out-of-bounds read in FreeRDP - CVE-2026-31897

Published: April 8, 2026


Vulnerability identifier: #VU125357
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-31897
CWE-ID: CWE-125
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: FreeRDP
Software vendor: FreeRDP

Description

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to an out-of-bounds read in freerdp_bitmap_decompress_planar when processing a planar bitmap whose SrcSize is set to 0. A remote attacker can send a crafted RDPGFX Surface Command to disclose sensitive information.

User interaction is required. The Bitmap Update PDU path is not affected, because it validates the bitmap length before calling the decoder.


Remediation

Install the security update from the vendor's website.

External links