PT-2026-29136 · Freerdp+2

Calvinytt · Published 2026-01-01 · Updated 2026-06-15 · CVE-2026-33983

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 3.24.2

Description: FreeRDP is a free implementation of the Remote Desktop Protocol. The `progressive_decompress_tile_upgrade()` function detects a mismatch through `progressive_rfx_quant_cmp_equal()` but only emits a warning, allowing execution to continue. A wrapped value (247) is then used as a shift exponent, leading to undefined behavior and a loop of approximately 80 billion iterations, resulting in a CPU denial of service (DoS).

Recommendations: Update to version 3.24.2 or later.

Exploit · Fix · DoS · Integer Overflow · Unchecked Return Value

Weakness Enumeration

Related Identifiers

ALSA-2026:8457
ALSA-2026:8458
ALSA-2026:8945
BDU:2026-04670
CVE-2026-33983
GHSA-4GFM-4P52-H478
OESA-2026-2036
OESA-2026-2037
OESA-2026-2038
OESA-2026-2039
OESA-2026-2040
OPENSUSE-SU-2026:10633-1
OPENSUSE-SU-2026:20657-1
RHSA-2026:10709
RHSA-2026:11332
RHSA-2026:11333
RHSA-2026:11336
RHSA-2026:11649
RHSA-2026:11651
RHSA-2026:12359
RHSA-2026:12388
RHSA-2026:19349
RHSA-2026:8457
RHSA-2026:8458
RHSA-2026:8945
RHSA-2026:9656
SUSE-SU-2026:21436-1

Affected Products

Freerdp
Red Os
Rocky Linux