CVE-2026-57157

medium
Published 2026-07-10 · Modified 2026-07-10
CVSS v3
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
CVSS v4 NEW
—
not yet in upstream
VIR risk
6.5

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0, FreeRDP server implementations with the MS-RDPECAM camera device enumerator channel enabled scan attacker-supplied DeviceName and VirtualChannelName fields for a NUL terminator in channels/rdpecam/server/camera_device_enumerator_main.c and then dereference once past the scan bound, allowing a malicious RDP client to trigger a 1- to 2-byte out-of-bounds heap read. This issue is fixed in version 3.28.0.

Predictions

Exploit likelihood
75%
Patch ETA
—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Debian Security Tracker · View original ↗ · DFSG

CVE-2026-57157 NameCVE-2026-57157 SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) Vulnerable and fixed packages The table below lists information on source packages. Source PackageReleaseVersionStatus freerdp2 (PTS)bullseye2.3.0+dfsg1-2+deb11u1vulnerable bullseye…

CVE-2026-57157

NameCVE-2026-57157
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
freerdp2 (PTS)bullseye2.3.0+dfsg1-2+deb11u1vulnerable
bullseye (security)2.3.0+dfsg1-2+deb11u3vulnerable
bookworm2.11.7+dfsg1-6~deb12u1vulnerable
freerdp3 (PTS)trixie3.15.0+dfsg-2.1+deb13u3vulnerable
forky3.27.0+dfsg-1vulnerable
sid3.28.0+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
freerdp2source(unstable)(unfixed)
freerdp3source(unstable)3.28.0+dfsg-1

Notes

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-47fr-jw86-c3fj

Home - Debian Security - Source (Git)

Apply commands

text fix
Notes
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-47fr-jw86-c3fj

OS impact

debian Debian Mixed 5 releases
VersionStatusFixed in
trixie Affected —
sid Fixed 3.28.0+dfsg-1
forky Affected —
bullseye Affected —
bookworm Affected —

References

CWEs

CWE-125

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.