High severity8.8NVD Advisory· Published May 26, 2026· Updated May 27, 2026
CVE-2026-40033
CVE-2026-40033
Description
FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdi_CacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16_MAX but performs copy operations using unclamped cache entry dimensions, enabling malicious RDP servers to trigger large out-of-bounds writes and potentially achieve remote code execution or client crash.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- osv-coords3 versionspkg:rpm/opensuse/freerdp&distro=openSUSE%20Tumbleweedpkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
< 3.26.0-3.1+ 2 more
- (no CPE)range: < 3.26.0-3.1
- (no CPE)range: < 3.26.0-160000.1.1
- (no CPE)range: < 3.26.0-160000.1.1
Patches
Vulnerability mechanics
References
3- github.com/FreeRDP/FreeRDP/commit/23b36cd00ebf0ccd97750fcdbc9aa2f362352da7nvdPatch
- github.com/FreeRDP/FreeRDP/security/advisories/GHSA-p6r2-4hgm-m6ffnvdExploitMitigationVendor Advisory
- www.vulncheck.com/advisories/freerdp-heap-buffer-overflow-in-gdi-cachetosurface-via-rectangle-validation-bypassnvdThird Party Advisory
News mentions
0No linked articles in our index yet.