CVE-2026-33985

FreeRDP: ClearCodec Glyph Cache Count Desync - Heap OOB Read

CVSS 5.9 MEDIUMEPSS 0.2%CWE-125 CWE-131

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5.9EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

30 mar 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data from adjacent heap memory is rendered to screen, potentially leaking sensitive data to the attacker. This issue has been patched in version 3.24.2.

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L

Produtos afetados

FreeRDP · FreeRDP

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/FreeRDP/FreeRDP/commit/c49d1ad43b8c7b32794d0250f2623c2dccd7ef25 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x6gr-8p7h-5h85