VYPR
High severity7.1NVD Advisory· Published Mar 30, 2026· Updated Apr 1, 2026

CVE-2026-33987

CVE-2026-33987

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in persistent_cache_read_entry_v3() in libfreerdp/cache/persistent.c, persistent->bmpSize is updated before winpr_aligned_recalloc(). If realloc fails, bmpSize is inflated while bmpData points to the old buffer. This issue has been patched in version 3.24.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

11

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.