Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-23534

created 2 months, 4 weeks ago

FreeRDP has heap-buffer-overflow in clear_decompress_bands_data

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the ClearCodec bands decode path when crafted band coordinates allow writes past the end of the destination surface buffer. A malicious server can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.

References

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3frr-mp8w-4599 x_refsource_CONFIRM
https://github.com/FreeRDP/FreeRDP/blob/38514dfa5813aa945a86cfbcec279033f8394468/libfreerdp/codec/clear.c#L878-L879 x_refsource_MISC
https://github.com/FreeRDP/FreeRDP/blob/38514dfa5813aa945a86cfbcec279033f8394468/libfreerdp/codec/clear.c#L883-L884 x_refsource_MISC
https://github.com/FreeRDP/FreeRDP/releases/tag/3.21.0 x_refsource_MISC

Affected products

FreeRDP

==< 3.21.0

Matching in nixpkgs

pkgs.freerdp

Remote Desktop Protocol Client

nixos-25.11 3.17.2
- nixpkgs-25.11-darwin 3.17.2

pkgs.freerdpUnstable

Remote Desktop Protocol Client

nixos-unstable 3.16.0
- nixpkgs-unstable 3.16.0
- nixos-unstable-small 3.16.0

Package maintainers

@peterhoeg Peter Hoeg <peter@hoeg.com>