CVE-2026-33984
Received Received - Intake
Heap Buffer Overflow in FreeRDP clear.c Causes Memory Corruption

Publication date: 2026-03-30

Last updated on: 2026-04-01

Assigner: GitHub, Inc.

Description
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in resize_vbar_entry() in libfreerdp/codec/clear.c, vBarEntry->size is updated to vBarEntry->count before the winpr_aligned_recalloc() call. If realloc fails, size is inflated while pixels still points to the old, smaller buffer. On a subsequent call where count <= size (the inflated value), realloc is skipped. The caller then writes count * bpp bytes of attacker-controlled pixel data into the undersized buffer, causing a heap buffer overflow. This issue has been patched in version 3.24.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-30
Last Modified
2026-04-01
Generated
2026-06-16
AI Q&A
2026-03-31
EPSS Evaluated
2026-06-15
NVD
CVE-2026-33984
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
freerdp freerdp to 3.24.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-131 The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in FreeRDP, a free implementation of the Remote Desktop Protocol, in versions prior to 3.24.2. The issue occurs in the function resize_vbar_entry() within the file libfreerdp/codec/clear.c. Specifically, the size field of a vBarEntry structure is updated before a memory reallocation call (winpr_aligned_recalloc). If this reallocation fails, the size remains inflated while the pixel buffer still points to the smaller, original memory area. On subsequent calls where the count is less than or equal to this inflated size, the reallocation is skipped, leading to a situation where attacker-controlled pixel data is written beyond the bounds of the allocated buffer. This causes a heap buffer overflow.

Impact Analysis

The heap buffer overflow caused by this vulnerability can lead to serious security impacts. According to the CVSS score of 7.5, it has high severity with potential consequences including confidentiality, integrity, and availability impacts. An attacker could exploit this flaw to execute arbitrary code, cause a denial of service, or corrupt memory, potentially compromising the affected system.

Mitigation Strategies

The vulnerability has been patched in FreeRDP version 3.24.2. To mitigate this vulnerability, you should update FreeRDP to version 3.24.2 or later.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-33984. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart