Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in resize_vbar_entry() in libfreerdp/codec/clear.c, vBarEntry->size is updated to vBarEntry->count before the winpr_aligned_recalloc() call. If realloc fails, size is inflated while pixels still points to the old, smaller buffer. On a subsequent call where count <= size (the inflated value), realloc is skipped. The caller then writes count * bpp bytes of attacker-controlled pixel data into the undersized buffer, causing a heap buffer overflow. This issue has been patched in version 3.24.2.

INFO

Published Date :

2026-03-30T21:42:57.090Z

Last Modified :

2026-03-30T21:42:57.090Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-33984 vulnerability.

Vendors Products
Freerdp
  • Freerdp
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-33984.

URL Resource
https://github.com/FreeRDP/FreeRDP/commit/dc7fdb165095139be779a4000199bc1706b06ad5 cve-icon cve-icon cve-icon
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8469-2xcx-frf6 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact