DEBIAN-CVE-2026-33982

DEBIAN-CVE-2026-33982 PUBLISHED CVSS 8.100000381469727 HIGH

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, there is a heap-buffer-overflow READ vulnerability at 24 bytes before the allocation, in winpr_aligned_offset_recalloc(). This issue has been patched in version 3.24.2.

Risk Scores

CVSS 3.1

8.100000381469727

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:13	freerdp3	3.23.0+dfsg-1~bpo13+1, 3.23.0+dfsg-1, 3.22.0+dfsg-3
Debian:12	freerdp2	2.11.7+dfsg1-5, 2.11.7+dfsg1-6~deb12u1, *
Debian:14	freerdp3	3.22.0+dfsg, 3.15.0+dfsg-2.1, 3.16.0+dfsg-1
Debian:11	freerdp2	2.10.0+dfsg1, 2.10.0+dfsg1, 2.10.0+dfsg1

Timeline

Mar 30, 2026 CVE Published
May 16, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2026-33982 advisory

Open in Interactive Console →