CVE-2023-40575 in FreeRDP
Summary
by MITRE • 09/01/2023
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_YUV444ToRGB_8u_P3AC4R_BGRX` function. This issue is likely down to insufficient data for the `pSrc` variable and results in crashes. This issue has been addressed in version 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 03/13/2026
The CVE-2023-40575 vulnerability affects FreeRDP, an open-source implementation of Microsoft's Remote Desktop Protocol that enables remote desktop connections across various platforms. This vulnerability manifests as an out-of-bounds read condition within the `general_YUV444ToRGB_8u_P3AC4R_BGRX` function, which is responsible for color space conversion operations during RDP session processing. The flaw occurs when processing YUV444 color format data and specifically involves inadequate validation of source data parameters, particularly the `pSrc` variable that references the input data buffer. Such vulnerabilities in RDP implementations are particularly concerning as they can potentially be exploited by remote attackers to cause denial of service conditions or, in more severe scenarios, execute arbitrary code through memory corruption attacks.
The technical nature of this vulnerability aligns with CWE-125, which describes out-of-bounds read conditions where programs access memory locations beyond the bounds of allocated buffers. The flaw is specifically triggered when the `pSrc` variable does not contain sufficient data to properly execute the color conversion algorithm, leading to memory access violations that manifest as application crashes. This type of vulnerability falls under the broader category of buffer over-read issues that are common in multimedia processing libraries and graphics rendering components where complex data transformations occur. The vulnerability's impact is particularly significant in networked environments where FreeRDP is used for remote desktop services, as attackers could potentially exploit this to disrupt legitimate remote desktop sessions or cause system instability.
From an operational perspective, this vulnerability poses a substantial risk to organizations relying on FreeRDP for remote desktop infrastructure, particularly in enterprise environments where remote access capabilities are critical for business continuity. The out-of-bounds read condition can result in unpredictable application behavior including crashes, system hangs, and potential service disruption for legitimate users. The vulnerability affects versions prior to 3.0.0-beta3, meaning that organizations running older FreeRDP implementations are exposed to potential exploitation. Given the nature of RDP services, this vulnerability could be leveraged in broader attack campaigns targeting remote desktop infrastructure, potentially leading to more severe compromises if combined with other vulnerabilities in the RDP stack. The lack of known workarounds means that organizations must rely entirely on upgrading to the patched version to mitigate the risk.
Organizations should prioritize immediate upgrade to FreeRDP version 3.0.0-beta3 or later to remediate this vulnerability. Security teams should conduct comprehensive inventory assessments to identify all systems running affected FreeRDP versions and implement patch management procedures to ensure timely deployment. The vulnerability's classification as a memory corruption issue places it within ATT&CK framework domain of T1211 - Exploitation for Defense Evasion and T1499 - Endpoint Denial of Service, highlighting both the potential for service disruption and the possibility of more advanced exploitation techniques. Network segmentation and access controls should be reviewed to limit exposure of FreeRDP services to trusted networks only, while monitoring systems should be configured to detect unusual crash patterns or connection failures that might indicate exploitation attempts. The vulnerability underscores the importance of maintaining current security patches for remote access infrastructure and implementing robust software supply chain security practices to prevent the deployment of vulnerable components in production environments.