{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33985", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-24T22:20:06.211Z", "datePublished": "2026-03-30T21:43:13.335Z", "dateUpdated": "2026-03-31T18:53:29.979Z"}, "containers": {"cna": {"title": "FreeRDP: ClearCodec Glyph Cache Count Desync - Heap OOB Read", "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "lang": "en", "description": "CWE-125: Out-of-bounds Read", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-131", "lang": "en", "description": "CWE-131: Incorrect Calculation of Buffer Size", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x6gr-8p7h-5h85", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x6gr-8p7h-5h85"}, {"name": "https://github.com/FreeRDP/FreeRDP/commit/c49d1ad43b8c7b32794d0250f2623c2dccd7ef25", "tags": ["x_refsource_MISC"], "url": "https://github.com/FreeRDP/FreeRDP/commit/c49d1ad43b8c7b32794d0250f2623c2dccd7ef25"}], "affected": [{"vendor": "FreeRDP", "product": "FreeRDP", "versions": [{"version": "< 3.24.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-30T21:43:13.335Z"}, "descriptions": [{"lang": "en", "value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data from adjacent heap memory is rendered to screen, potentially leaking sensitive data to the attacker. This issue has been patched in version 3.24.2."}], "source": {"advisory": "GHSA-x6gr-8p7h-5h85", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T18:50:32.422828Z", "id": "CVE-2026-33985", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T18:53:29.979Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "FreeRDP: ClearCodec Glyph Cache Count Desync - Heap OOB Read", "source": {"advisory": "GHSA-x6gr-8p7h-5h85", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "FreeRDP", "product": "FreeRDP", "versions": [{"status": "affected", "version": "< 3.24.2"}]}], "references": [{"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x6gr-8p7h-5h85", "name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x6gr-8p7h-5h85", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/FreeRDP/FreeRDP/commit/c49d1ad43b8c7b32794d0250f2623c2dccd7ef25", "name": "https://github.com/FreeRDP/FreeRDP/commit/c49d1ad43b8c7b32794d0250f2623c2dccd7ef25", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data from adjacent heap memory is rendered to screen, potentially leaking sensitive data to the attacker. This issue has been patched in version 3.24.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-131", "description": "CWE-131: Incorrect Calculation of Buffer Size"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-30T21:43:13.335Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33985", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-31T18:50:32.422828Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-03-31T18:50:33.418Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-33985", "state": "PUBLISHED", "dateUpdated": "2026-03-30T21:43:13.335Z", "dateReserved": "2026-03-24T22:20:06.211Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-30T21:43:13.335Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*", "matchCriteriaId": "03FF152C-C651-4586-8958-1555D9797516", "versionEndExcluding": "3.24.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data from adjacent heap memory is rendered to screen, potentially leaking sensitive data to the attacker. This issue has been patched in version 3.24.2."}, {"lang": "es", "value": "FreeRDP es una implementaci\u00f3n gratuita del Protocolo de Escritorio Remoto. Antes de la versi\u00f3n 3.24.2, los datos de p\u00edxeles de memoria heap adyacente se renderizan en pantalla, lo que podr\u00eda filtrar datos sensibles al atacante. Este problema ha sido parcheado en la versi\u00f3n 3.24.2."}], "id": "CVE-2026-33985", "lastModified": "2026-04-01T20:01:13.963", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-30T22:16:19.720", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/FreeRDP/FreeRDP/commit/c49d1ad43b8c7b32794d0250f2623c2dccd7ef25"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x6gr-8p7h-5h85"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-131"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "FreeRDP: FreeRDP: Information disclosure via heap memory out of bounds read", "id": "2453217", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453217"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-125", "details": ["FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data from adjacent heap memory is rendered to screen, potentially leaking sensitive data to the attacker. This issue has been patched in version 3.24.2.", "A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A remote attacker could exploit a vulnerability where pixel data from adjacent heap memory is rendered to the screen. This can lead to the disclosure of sensitive data to the attacker."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-33985", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "freerdp", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "freerdp", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "freerdp", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "freerdp", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "freerdp", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-30T21:43:13Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-33985\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-33985\nhttps://github.com/FreeRDP/FreeRDP/commit/c49d1ad43b8c7b32794d0250f2623c2dccd7ef25\nhttps://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x6gr-8p7h-5h85"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.24.2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "FreeRDP", "source": "cna", "vendor": "FreeRDP"}, "product": "freerdp", "vendor": "freerdp"}], "analysis": {"en": {"generated_at": "2026-03-31T05:58:09.645725+00:00", "value": {"mitigation_remediation": ["Apply the vendor patch to upgrade to FreeRDP 3.24.2 or later.", "Verify that the ClearCodec glyph cache count desynchronization issue is fixed by checking the patched source commit c49d1ad or the released version.", "If upgrade is not immediately possible, limit RDP exposure and enforce strict access control to mitigate indirect disclosure risks.", "Review any custom configurations and ensure no older builds are in use."], "summary": {"action": "Update to 3.24.2", "impact": "Information Disclosure via Heap OOB Read"}, "threat_synthesis": {"affected_systems": "The flaw exists in all FreeRDP releases prior to version\u202f3.24.2. Users running an older instance of the Open\u2011Source Remote Desktop Protocol client are affected.", "description_and_impact": "A heap out\u2011of\u2011bounds read in FreeRDP\u2019s ClearCodec glyph cache desynchronization allows an attacker to read arbitrary neighboring heap memory and render that data to the screen. The consequence is that sensitive information may be exposed to the attacker through the display. This type of weakness matches known CWE\u2011125 and CWE\u2011131 conditions.", "risk_and_exploitability": "The vulnerability is assigned a CVSS score of 5.9, reflecting moderate severity. No EPSS score is currently available and the issue is not listed in the CISA KEV catalog. Exploitation would require the attacker to establish an RDP session that triggers the glyph cache rendering path; once engaged, the attacker can view arbitrary data that may have been leaked, representing a moderate risk to confidentiality in exposed environments."}}}}, "created": "2026-03-31T19:57:10.722729+00:00", "updated": "2026-03-31T20:39:55.186347+00:00", "vendors": ["freerdp", "freerdp$PRODUCT$freerdp"]}