CVE-2026-33985 — Out-of-bounds Read in Freerdp

CWE-125 — Out-of-bounds Read CWE-131 — Incorrect Calculation of Buffer Size6 documents6 sources

Severity

7.1HIGHNVD

CNA5.9

EPSS

0.0%

top 86.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freerdp

Timeline

PublishedMar 30

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data from adjacent heap memory is rendered to screen, potentially leaking sensitive data to the attacker. This issue has been patched in version 3.24.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:LExploitability: 2.8 | Impact: 4.2

Affected Packages2 packages

▶CVEListV5freerdp/freerdp< 3.24.2

▶NVDfreerdp/freerdp< 3.24.2

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

CVEList

FreeRDP: ClearCodec Glyph Cache Count Desync - Heap OOB Read↗2026-03-30

▶

OSV

CVE-2026-33985: FreeRDP is a free implementation of the Remote Desktop Protocol↗2026-03-30

▶

📋Vendor Advisories

Red Hat

FreeRDP: FreeRDP: Information disclosure via heap memory out of bounds read↗2026-03-30

▶

Debian

CVE-2026-33985: freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to versio...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-33985 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶