CVE-2026-33984
HIGH
7,5
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Description
AI Translation Available
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in resize_vbar_entry() in libfreerdp/codec/clear.c, vBarEntry->size is updated to vBarEntry->count before the winpr_aligned_recalloc() call. If realloc fails, size is inflated while pixels still points to the old, smaller buffer. On a subsequent call where count <= size (the inflated value), realloc is skipped. The caller then writes count * bpp bytes of attacker-controlled pixel data into the undersized buffer, causing a heap buffer overflow. This issue has been patched in version 3.24.2.
122
Heap-based Buffer Overflow
DraftCommon Consequences
Security Scopes Affected:
Availability
Integrity
Confidentiality
Access Control
Other
Potential Impacts:
Dos: Crash, Exit, Or Restart
Dos: Resource Consumption (Cpu)
Dos: Resource Consumption (Memory)
Execute Unauthorized Code Or Commands
Bypass Protection Mechanism
Modify Memory
Other
Applicable Platforms
Languages:
C, C++, Memory-Unsafe
131
Incorrect Calculation of Buffer Size
DraftCommon Consequences
Security Scopes Affected:
Integrity
Availability
Confidentiality
Potential Impacts:
Dos: Crash, Exit, Or Restart
Execute Unauthorized Code Or Commands
Read Memory
Modify Memory
Applicable Platforms
Languages:
C, C++, Memory-Unsafe
https://github.com/FreeRDP/FreeRDP/commit/dc7fdb165095139be779a4000199bc1706b06…
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8469-2xcx-frf6