PT-2026-29137 · Freerdp+1

Calvinytt

·

Published

2026-01-01

·

Updated

2026-04-28

·

CVE-2026-33984

CVSS v2.0

7.6

High

Vector AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 3.24.2
Description: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a heap buffer overflow exists in the resize_vbar_entry() function located in libfreerdp/codec/clear.c. Specifically, the vBarEntry->size variable is updated to vBarEntry->count before the winpr_aligned_recalloc() call. If the reallocation fails, the size variable becomes inflated while the pixels pointer still references the original, smaller buffer. A subsequent call, where count is less than or equal to the inflated size, bypasses the reallocation process. This allows the caller to write count * bpp bytes of attacker-controlled pixel data into the undersized buffer, resulting in a heap buffer overflow.
Recommendations: Versions prior to 3.24.2 should be updated to version 3.24.2 or later.
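The description above comes down to an ordering fault: the capacity field is committed before the allocation that would justify it exists, so one failed reallocation leaves the entry in an inconsistent state that every later call trusts. The following C program is an added, constructed model of that pattern and of the corrected ordering; it is not FreeRDP's code and not the upstream patch. The struct vbar_entry_t, the functions resize_vbar_entry_vuln(), resize_vbar_entry_fixed(), model_realloc() and run_sequence(), the actual_pixels bookkeeping field and the g_fail_next_realloc switch are all assumptions introduced for the demonstration; the model never performs the out-of-bounds write, it only reports whether the pending write of count pixels would exceed the buffer that really exists.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of a CLEAR codec vBar entry (not FreeRDP's struct). */
typedef struct {
    uint32_t count;        /* pixels the caller wants to store              */
    uint32_t size;         /* pixels the code *believes* are allocated      */
    uint32_t *pixels;      /* backing buffer                                */
    size_t actual_pixels;  /* true capacity; demo-only bookkeeping          */
} vbar_entry_t;

/* Demo switch: when set, the next reallocation fails once, standing in for
 * the winpr_aligned_recalloc() failure branch the advisory describes. */
static int g_fail_next_realloc;

static void *model_realloc(void *p, size_t n)
{
    if (g_fail_next_realloc) {
        g_fail_next_realloc = 0;
        return NULL;
    }
    return realloc(p, n);
}

/* Vulnerable ordering: size is committed before the allocation succeeds. */
static bool resize_vbar_entry_vuln(vbar_entry_t *e, uint32_t count)
{
    e->count = count;
    if (count > e->size) {
        e->size = count;                          /* BUG: committed too early */
        uint32_t *np = model_realloc(e->pixels, (size_t)count * sizeof(uint32_t));
        if (!np)
            return false;                         /* size now exceeds pixels */
        e->pixels = np;
        e->actual_pixels = count;
    }
    return true;
}

/* Corrected ordering: size is committed only after the reallocation succeeds. */
static bool resize_vbar_entry_fixed(vbar_entry_t *e, uint32_t count)
{
    e->count = count;
    if (count > e->size) {
        uint32_t *np = model_realloc(e->pixels, (size_t)count * sizeof(uint32_t));
        if (!np)
            return false;                         /* size still matches pixels */
        e->pixels = np;
        e->actual_pixels = count;
        e->size = count;                          /* commit after success */
    }
    return true;
}

/* Would the decoder's subsequent write of count pixels (count * bpp bytes)
 * overrun the buffer that actually exists? The write itself is never done. */
static bool write_would_overflow(const vbar_entry_t *e)
{
    return (size_t)e->count > e->actual_pixels;
}

/* Replays the sequence from the advisory: a grow request whose reallocation
 * fails, followed by a smaller request that fits under the inflated size.
 * Returns true if the second request would overflow the real buffer. */
static bool run_sequence(bool (*resize)(vbar_entry_t *, uint32_t))
{
    vbar_entry_t e = {0};
    e.pixels = calloc(8, sizeof(uint32_t));
    if (!e.pixels)
        abort();
    e.count = 8;
    e.size = 8;
    e.actual_pixels = 8;

    g_fail_next_realloc = 1;
    (void)resize(&e, 4096);          /* first call fails; this frame is dropped */
    bool ok = resize(&e, 64);        /* next frame: 64 <= inflated size skips realloc */
    bool overflow = ok && write_would_overflow(&e);
    free(e.pixels);
    return overflow;
}

int main(void)
{
    printf("vulnerable ordering overflows: %s\n",
           run_sequence(resize_vbar_entry_vuln) ? "yes" : "no");
    printf("fixed ordering overflows:      %s\n",
           run_sequence(resize_vbar_entry_fixed) ? "yes" : "no");
    return 0;
}
```

In the vulnerable path the failed first call leaves size at 4096 while only 8 pixels are allocated; the second call with count 64 sees 64 <= 4096, skips reallocation, and the decoder would copy 64 pixels into an 8-pixel buffer. In the fixed path size stays at 8 after the failure, so the second call reallocates to 64 pixels and the write fits. When auditing similar grow-on-demand code, look for any capacity field written before the pointer it describes.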

Exploit

Fix

Weakness Enumeration

Heap Based Buffer Overflow

Related Identifiers

ALSA-2026:8457
ALSA-2026:8458
ALSA-2026:8945
BDU:2026-04671
CVE-2026-33984
GHSA-8469-2XCX-FRF6
OESA-2026-2036
OESA-2026-2037
OESA-2026-2038
OESA-2026-2039
OESA-2026-2040
OPENSUSE-SU-2026:10633-1
OPENSUSE-SU-2026:20657-1
RHSA-2026:10709
RHSA-2026:11332
RHSA-2026:11333
RHSA-2026:11336
RHSA-2026:11649
RHSA-2026:11651
RHSA-2026:8457
RHSA-2026:8458
RHSA-2026:8945
RHSA-2026:9656
SUSE-SU-2026:21436-1

Affected Products

Freerdp
Rocky Linux