{
  "threat_severity" : "Moderate",
  "public_date" : "2026-01-19T17:12:57Z",
  "bugzilla" : {
    "description" : "freerdp: FreeRDP: Denial of Service via FastGlyph parsing buffer overflow",
    "id" : "2430881",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2430881"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-122",
  "details" : [ "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, FastGlyph parsing trusts `cbData`/remaining length and never validates against the minimum size implied by `cx/cy`. A malicious server can trigger a client‑side global buffer overflow, causing a crash (DoS). Version 3.21.0 contains a patch for the issue.", "A flaw was found in FreeRDP. A malicious server can exploit a vulnerability in FastGlyph parsing, which improperly trusts data length without sufficient validation. This can lead to a client-side global buffer overflow, resulting in a denial of service (DoS) due to a crash. For this vulnerability to be exploited, a client must connect to a maliciously-configured server." ],
  "statement" : "For this vulnerability to be exploited, a client must connect to a maliciously-configured server. Red Hat recommends that FreeRDP clients are only used to connect to trusted servers.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-04-07T00:00:00Z",
    "advisory" : "RHSA-2026:6799",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.1",
    "package" : "freerdp-2:3.10.3-5.el10_1.5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-05-19T00:00:00Z",
    "advisory" : "RHSA-2026:19033",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.2",
    "package" : "freerdp-2:3.10.3-12.el10_2.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support",
    "release_date" : "2026-04-07T00:00:00Z",
    "advisory" : "RHSA-2026:6743",
    "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0",
    "package" : "freerdp-2:3.10.3-3.el10_0.5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
    "release_date" : "2026-04-28T00:00:00Z",
    "advisory" : "RHSA-2026:11323",
    "cpe" : "cpe:/o:redhat:rhel_els:7",
    "package" : "freerdp-0:2.1.1-5.el7_9.7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-04-07T00:00:00Z",
    "advisory" : "RHSA-2026:6918",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "freerdp-2:2.11.7-6.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support",
    "release_date" : "2026-04-27T00:00:00Z",
    "advisory" : "RHSA-2026:10734",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.2",
    "package" : "freerdp-2:2.0.0-46.rc4.el8_2.10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "release_date" : "2026-04-27T00:00:00Z",
    "advisory" : "RHSA-2026:10735",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.4",
    "package" : "freerdp-2:2.2.0-12.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
    "release_date" : "2026-04-27T00:00:00Z",
    "advisory" : "RHSA-2026:10735",
    "cpe" : "cpe:/a:redhat:rhel_eus_long_life:8.4",
    "package" : "freerdp-2:2.2.0-12.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
    "release_date" : "2026-04-27T00:00:00Z",
    "advisory" : "RHSA-2026:10951",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.6",
    "package" : "freerdp-2:2.2.0-7.el8_6.5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
    "release_date" : "2026-04-27T00:00:00Z",
    "advisory" : "RHSA-2026:10951",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.6",
    "package" : "freerdp-2:2.2.0-7.el8_6.5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
    "release_date" : "2026-04-27T00:00:00Z",
    "advisory" : "RHSA-2026:10951",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.6",
    "package" : "freerdp-2:2.2.0-7.el8_6.5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
    "release_date" : "2026-04-23T00:00:00Z",
    "advisory" : "RHSA-2026:10076",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.8",
    "package" : "freerdp-2:2.2.0-12.el8_8.5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
    "release_date" : "2026-04-23T00:00:00Z",
    "advisory" : "RHSA-2026:10076",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.8",
    "package" : "freerdp-2:2.2.0-12.el8_8.5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-04-01T00:00:00Z",
    "advisory" : "RHSA-2026:6340",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "freerdp-2:2.11.7-1.el9_7.5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2026-04-22T00:00:00Z",
    "advisory" : "RHSA-2026:9640",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0",
    "package" : "freerdp-2:2.4.1-3.el9_0.4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2026-04-22T00:00:00Z",
    "advisory" : "RHSA-2026:9641",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2",
    "package" : "freerdp-2:2.4.1-6.el9_2.6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2026-04-08T00:00:00Z",
    "advisory" : "RHSA-2026:6958",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "freerdp-2:2.11.2-1.el9_4.5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2026-04-07T00:00:00Z",
    "advisory" : "RHSA-2026:6727",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "freerdp-2:2.11.7-1.el9_6.7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Affected",
    "package_name" : "freerdp",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-23732\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23732\nhttps://github.com/FreeRDP/FreeRDP/blob/f96ee2a6dd02739325c2a4e36a14978b561f00ea/libfreerdp/cache/glyph.c#L463-L480\nhttps://github.com/FreeRDP/FreeRDP/blob/f96ee2a6dd02739325c2a4e36a14978b561f00ea/libfreerdp/codec/color.c#L261-L277\nhttps://github.com/FreeRDP/FreeRDP/blob/f96ee2a6dd02739325c2a4e36a14978b561f00ea/libfreerdp/core/graphics.c#L138\nhttps://github.com/FreeRDP/FreeRDP/blob/f96ee2a6dd02739325c2a4e36a14978b561f00ea/libfreerdp/core/orders.c#L2186C17-L2199\nhttps://github.com/FreeRDP/FreeRDP/releases/tag/3.21.0\nhttps://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7qxp-j2fj-c3pp" ],
  "name" : "CVE-2026-23732",
  "csaw" : false
}