VDB

TNCVE-2026-33987

TNCVE-2026-33987 PUBLISHED

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in persistent_cache_read_entry_v3() in libfreerdp/cache/persistent.c, persistent->bmpSize is updated before winpr_aligned_recalloc(). If realloc fails, bmpSize is inflated while bmpData points to the old buffer. This issue has been patched in version 3.24.2.

Timeline

  • Mar 30, 2026 CVE Published

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›