CVE-2026-33987

Published March 30th, 2026

View on NVD ↗

CVSS v3

7.1

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in persistent_cache_read_entry_v3() in libfreerdp/cache/persistent.c, persistent->bmpSize is updated before winpr_aligned_recalloc(). If realloc fails, bmpSize is inflated while bmpData points to the old buffer. This issue has been patched in version 3.24.2.

FreeRDP/FreeRDP

FreeRDP is a free remote desktop protocol library and clients

GitHub

13.3K