{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31897", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-09T21:59:02.689Z", "datePublished": "2026-03-13T17:42:11.932Z", "dateUpdated": "2026-03-13T18:10:06.909Z"}, "containers": {"cna": {"title": "FreeRDP has an out-of-bounds read in `freerdp_bitmap_decompress_planar`", "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "lang": "en", "description": "CWE-125: Out-of-bounds Read", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 0, "baseSeverity": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xgv6-r22m-7c9x", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xgv6-r22m-7c9x"}, {"name": "https://github.com/FreeRDP/FreeRDP/commit/cd27c8faca0eeb0d4309cc5837dfdf3c42eba4e7", "tags": ["x_refsource_MISC"], "url": "https://github.com/FreeRDP/FreeRDP/commit/cd27c8faca0eeb0d4309cc5837dfdf3c42eba4e7"}], "affected": [{"vendor": "FreeRDP", "product": "FreeRDP", "versions": [{"version": "< 3.24.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-13T17:42:11.932Z"}, "descriptions": [{"lang": "en", "value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in freerdp_bitmap_decompress_planar when SrcSize is 0. The function dereferences *srcp (which points to pSrcData) without first verifying that SrcSize >= 1. When SrcSize is 0 and pSrcData is non-NULL, this reads one byte past the end of the source buffer. This vulnerability is fixed in 3.24.0."}], "source": {"advisory": "GHSA-xgv6-r22m-7c9x", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-13T18:09:57.983306Z", "id": "CVE-2026-31897", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T18:10:06.909Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-31897", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-13T18:09:57.983306Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T18:10:02.680Z"}}], "cna": {"title": "FreeRDP has an out-of-bounds read in `freerdp_bitmap_decompress_planar`", "source": {"advisory": "GHSA-xgv6-r22m-7c9x", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 0, "attackVector": "NETWORK", "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "FreeRDP", "product": "FreeRDP", "versions": [{"status": "affected", "version": "< 3.24.0"}]}], "references": [{"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xgv6-r22m-7c9x", "name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xgv6-r22m-7c9x", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/FreeRDP/FreeRDP/commit/cd27c8faca0eeb0d4309cc5837dfdf3c42eba4e7", "name": "https://github.com/FreeRDP/FreeRDP/commit/cd27c8faca0eeb0d4309cc5837dfdf3c42eba4e7", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in freerdp_bitmap_decompress_planar when SrcSize is 0. The function dereferences *srcp (which points to pSrcData) without first verifying that SrcSize >= 1. When SrcSize is 0 and pSrcData is non-NULL, this reads one byte past the end of the source buffer. This vulnerability is fixed in 3.24.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-13T17:42:11.932Z"}}}, "cveMetadata": {"cveId": "CVE-2026-31897", "state": "PUBLISHED", "dateUpdated": "2026-03-13T18:10:06.909Z", "dateReserved": "2026-03-09T21:59:02.689Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-13T17:42:11.932Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*", "matchCriteriaId": "97FCA262-35C3-4B6B-A321-15CE780FCA20", "versionEndExcluding": "3.24.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in freerdp_bitmap_decompress_planar when SrcSize is 0. The function dereferences *srcp (which points to pSrcData) without first verifying that SrcSize >= 1. When SrcSize is 0 and pSrcData is non-NULL, this reads one byte past the end of the source buffer. This vulnerability is fixed in 3.24.0."}], "id": "CVE-2026-31897", "lastModified": "2026-03-17T12:57:00.720", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 0.0, "baseSeverity": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 0.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-13T19:54:38.023", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/FreeRDP/FreeRDP/commit/cd27c8faca0eeb0d4309cc5837dfdf3c42eba4e7"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xgv6-r22m-7c9x"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "freerdp: FreeRDP has an out-of-bounds read in `freerdp_bitmap_decompress_planar`", "id": "2447380", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447380"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-125", "details": ["An out of bounds read flaw has been discovered in FreeRDP. This Out-of-bounds read exists in the `freerdp_bitmap_decompress_planar` function when SrcSize is 0. This flaw may allow an attcker to read of 1 byte from heap memory in some situation. The more common and expected impact is a crash when the read hits an unmapped page."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-31897", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "freerdp", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "freerdp", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "freerdp", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "freerdp", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "freerdp", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-13T17:42:11Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31897\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31897\nhttps://github.com/FreeRDP/FreeRDP/commit/cd27c8faca0eeb0d4309cc5837dfdf3c42eba4e7\nhttps://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xgv6-r22m-7c9x"], "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.24.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "FreeRDP", "source": "cna", "vendor": "FreeRDP"}, "product": "freerdp", "vendor": "freerdp"}], "analysis": {"en": {"generated_at": "2026-03-17T17:19:36.517985+00:00", "value": {"mitigation_remediation": ["Upgrade FreeRDP to version 3.24.0 or later"], "summary": {"action": "Apply Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "All installations of FreeRDP older than version 3.24.0 are affected. The product is identified by the CPE cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*.* and is used in environments that deploy the Remote Desktop Protocol via the open-source client. The vulnerability is present in the bitmap decompression routine that processes incoming RDP bitmaps.", "description_and_impact": "An out-of-bounds read occurs in the FreeRDP function freerdp_bitmap_decompress_planar when the source size (SrcSize) is zero. The code dereferences a pointer to the source buffer without checking that the buffer has at least one byte, causing the function to read one byte past the end of the buffer. Because the data being read comes from the application\u2019s memory, this vulnerability can leak arbitrary memory contents to the attacker, potentially exposing sensitive information. The flaw does not provide execution or denial-of-service capabilities directly.", "risk_and_exploitability": "The EPSS score is below 1\u00a0%, indicating a low probability of automated exploitation, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires an attacker able to send a malformed RDP packet that triggers bitmap decompression with a zero source size, which is typically only possible when the server accepts bitmap data from an untrusted client. Consequently, the overall risk is considered low for most deployments, but systems that accept arbitrary bitmap data from untrusted users should still apply the patch promptly. No CVSS score is provided in the data, but the impact is limited to information disclosure."}}}}, "created": "2026-03-16T09:24:46.521187+00:00", "updated": "2026-03-23T13:40:37.880437+00:00", "vendors": ["freerdp", "freerdp$PRODUCT$freerdp"]}