CVE-2026-57158 in FreeRDPinfo

Summary

by MITRE • 07/10/2026

FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, FreeRDP clients using the GFX pipeline contain an incomplete fix for CVE-2026-23530 in planar_decompress_plane_rle_only in libfreerdp/codec/planar.c, allowing a malicious RDP server to send a truncated RDPGFX_CMDID_WIRETOSURFACE_1 planar payload that reads one byte past the input buffer. This issue is fixed in version 3.28.0.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 07/10/2026

The vulnerability affects FreeRDP clients that utilize the GFX pipeline for remote desktop connections, specifically targeting versions between 3.21.0 and 3.27.9. This represents a critical buffer overflow condition that arises from improper memory boundary checking during RDPGFX command processing. The flaw manifests in the planar_decompress_plane_rle_only function located within libfreerdp/codec/planar.c, where the implementation fails to adequately validate input buffer boundaries when handling planar payload data. This vulnerability falls under CWE-125 Uncontrolled Buffer Read, which is a well-known class of memory safety issues that can lead to information disclosure or potential code execution.

The technical exploitation occurs when a malicious RDP server sends a specially crafted RDPGFX_CMDID_WIRETOSURFACE_1 command containing a truncated planar payload. During decompression processing, the client reads one byte beyond the allocated input buffer boundaries, creating an out-of-bounds memory access condition. This type of vulnerability is particularly dangerous in remote desktop scenarios because it allows attackers to manipulate memory contents without direct system access. The issue demonstrates characteristics consistent with CWE-787 Out-of-bounds Write and CWE-129 Improper Validation of Array Index, where the application fails to validate that data being read falls within expected bounds.

Operationally, this vulnerability presents significant risks to organizations relying on FreeRDP clients for remote desktop connectivity. An attacker positioned between the client and server could exploit this weakness to either extract sensitive memory contents through information disclosure or potentially manipulate program execution flow. The impact extends beyond simple data leakage, as this type of buffer overflow can serve as a stepping stone for more sophisticated attacks within the context of remote desktop protocols. The vulnerability affects not only the integrity of the RDP connection but also the overall security posture of systems using FreeRDP clients in enterprise environments where remote access is prevalent.

Mitigation strategies should prioritize immediate upgrade to FreeRDP version 3.28.0 or later, which contains the necessary patch addressing the buffer overflow condition. Organizations should implement network segmentation and monitoring to detect unusual RDP traffic patterns that might indicate exploitation attempts. Additionally, security teams should consider deploying intrusion detection systems capable of identifying malformed RDPGFX commands and implementing strict access controls for RDP services. The fix implemented in version 3.28.0 likely includes proper input validation and boundary checking mechanisms that prevent the out-of-bounds memory read operation. This vulnerability aligns with ATT&CK technique T1071.004 Application Layer Protocol: Remote Services, where adversaries exploit weaknesses in remote desktop implementations to gain unauthorized access or extract information from target systems.

Responsible

GitHub M

Reservation

06/24/2026

Disclosure

07/10/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!