CVE-2026-33985 | THREATINT

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data from adjacent heap memory is rendered to screen, potentially leaking sensitive data to the attacker. This issue has been patched in version 3.24.2.

PUBLISHED Reserved 2026-03-24 | Published 2026-03-30 | Updated 2026-03-31 | Assigner GitHub_M

MEDIUM: 5.9CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L

Problem types

CWE-125: Out-of-bounds Read

CWE-131: Incorrect Calculation of Buffer Size

Product status

< 3.24.2

affected

References

github.com/...reeRDP/security/advisories/GHSA-x6gr-8p7h-5h85

github.com/...ommit/c49d1ad43b8c7b32794d0250f2623c2dccd7ef25

cve.org (CVE-2026-33985)

nvd.nist.gov (CVE-2026-33985)

Download JSON