PT-2026-29137 · Freerdp+2

Calvinytt · Published 2026-01-01 · Updated 2026-06-15 · CVE-2026-33984

CVSS v2.0: 7.6 (High) · Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 3.24.2
Description: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a heap buffer overflow exists in the resize_vbar_entry() function located in libfreerdp/codec/clear.c. Specifically, the vBarEntry->size variable is updated to vBarEntry->count before the winpr_aligned_recalloc() call. If the reallocation fails, the size variable becomes inflated while the pixels pointer still references the original, smaller buffer. A subsequent call, where count is less than or equal to the inflated size, bypasses the reallocation process. This allows the caller to write count * bpp bytes of attacker-controlled pixel data into the undersized buffer, resulting in a heap buffer overflow.
Recommendations: Versions prior to 3.24.2 should be updated to version 3.24.2 or later.
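To make the ordering defect concrete, the following is an added, constructed C model of the pattern the description explains; it is not FreeRDP's code. It places the vulnerable ordering (size committed before the reallocation) beside the fixed ordering (size committed only after success) and replays the failed-grow-then-smaller-request sequence, measuring how far a write of count * bpp bytes would run past the real buffer. The names vbar_entry_t, model_recalloc, resize_vuln, resize_fixed and bytes_overrun, and the 4-byte bpp, are assumptions of this example.

```c
#include <stdint.h>
#include <stdlib.h>
/* Constructed model of the vBar entry in the description; not FreeRDP's code. */
typedef struct {
    uint32_t count;  /* pixels the caller wants to store next */
    uint32_t size;   /* pixels the buffer is believed to hold */
    uint8_t *pixels; /* heap buffer believed to be size * bpp bytes */
} vbar_entry_t;
/* Model allocator (plain realloc, no zero-fill): records the real capacity it
 * handed out, and fails the next call on demand to reproduce the failure path. */
static int g_fail_next = 0; static size_t g_real_capacity = 0;
static void *model_recalloc(void *ptr, size_t n, size_t sz) {
    if (g_fail_next) { g_fail_next = 0; return NULL; }
    void *p = realloc(ptr, n * sz);
    if (p) g_real_capacity = n * sz;
    return p;
}

/* Vulnerable ordering: size is committed before the allocation succeeds. */
static int resize_vuln(vbar_entry_t *e, uint32_t bpp) {
    if (e->count > e->size) {
        e->size = e->count; /* bug: stays inflated if recalloc fails below */
        void *p = model_recalloc(e->pixels, e->count, bpp);
        if (!p) return -1;
        e->pixels = p;
    }
    return 0;
}

/* Fixed ordering: size changes only once the new buffer actually exists. */
static int resize_fixed(vbar_entry_t *e, uint32_t bpp) {
    if (e->count > e->size) {
        void *p = model_recalloc(e->pixels, e->count, bpp);
        if (!p) return -1;
        e->pixels = p;
        e->size = e->count;
    }
    return 0;
}

/* Replays the described sequence (a grow that fails, then a smaller request) and
 * returns how many bytes a write of count * bpp would land past the real buffer. */
static size_t bytes_overrun(int (*resize)(vbar_entry_t *, uint32_t)) {
    const uint32_t bpp = 4;
    vbar_entry_t e = { 4, 0, NULL };
    if (resize(&e, bpp) != 0) return 0;                   /* initial buffer: 16 bytes */
    e.count = 64; g_fail_next = 1; (void)resize(&e, bpp); /* grow fails, returns -1 */
    e.count = 32; (void)resize(&e, bpp);                  /* skipped if size inflated */
    size_t want = (size_t)e.count * bpp, cap = g_real_capacity;
    free(e.pixels); return want > cap ? want - cap : 0;
}
```

With the vulnerable ordering the replay reports a 112-byte overrun (128 bytes requested against a 16-byte buffer); with the fixed ordering it reports 0, because the smaller request still triggers a real reallocation.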

Exploit · Fix · DoS · Heap Based Buffer Overflow


Weakness Enumeration

Related identifiers

ALSA-2026:8457
ALSA-2026:8458
ALSA-2026:8945
BDU:2026-04671
CVE-2026-33984
GHSA-8469-2XCX-FRF6
OESA-2026-2036
OESA-2026-2037
OESA-2026-2038
OESA-2026-2039
OESA-2026-2040
OPENSUSE-SU-2026:10633-1
OPENSUSE-SU-2026:20657-1
RHSA-2026:10709
RHSA-2026:11332
RHSA-2026:11333
RHSA-2026:11336
RHSA-2026:11649
RHSA-2026:11651
RHSA-2026:8457
RHSA-2026:8458
RHSA-2026:8945
RHSA-2026:9656
SUSE-SU-2026:21436-1

Affected products

Freerdp
Red Os
Rocky Linux