FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0 on 32-bit builds, FreeRDP clients contain an integer overflow in update_read_delta_points in libfreerdp/core/orders.c when multiplying an attacker-controlled point count by sizeof(DELTA_POINT), allowing a malicious RDP peer to allocate an undersized heap buffer and then write beyond it during initialization. This issue is fixed in version 3.28.0.
History

Sat, 11 Jul 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
References
Metrics threat_severity

None

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

threat_severity

Important


Fri, 10 Jul 2026 22:00:00 +0000

Type Values Removed Values Added
First Time appeared Freerdp
Freerdp freerdp
Vendors & Products Freerdp
Freerdp freerdp

Fri, 10 Jul 2026 20:00:00 +0000

Type Values Removed Values Added
Description FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0 on 32-bit builds, FreeRDP clients contain an integer overflow in update_read_delta_points in libfreerdp/core/orders.c when multiplying an attacker-controlled point count by sizeof(DELTA_POINT), allowing a malicious RDP peer to allocate an undersized heap buffer and then write beyond it during initialization. This issue is fixed in version 3.28.0.
Title FreeRDP: Integer overflow leading to heap buffer overflow in Orders Delta Points parsing
Weaknesses CWE-122
CWE-190
References
Metrics cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-07-10T19:52:25.553Z

Reserved: 2026-06-24T01:45:48.698Z

Link: CVE-2026-57156

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Important

Publid Date: 2026-07-10T19:52:25Z

Links: CVE-2026-57156 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-07-10T21:45:16Z