Security Advisory

CVE-2026-25955

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-25 20:32:42

Last updated 2026-02-26 15:54:09

Assigner GitHub_M

State PUBLISHED

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_AppUpdateWindowFromSurface` reuses a cached `XImage` whose `data` pointer references a freed RDPGFX surface buffer, because `gdi_DeleteSurface` frees `surface->data` without invalidating the `appWindow->image` that aliases it. Version 3.23.0 fixes the issue.

← Browse all CVEs View on cve.org ↗