{"api_version":"1","generated_at":"2026-04-21T10:23:45+00:00","cve":"CVE-2026-33985","urls":{"html":"https://cve.report/CVE-2026-33985","api":"https://cve.report/api/cve/CVE-2026-33985.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-33985","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-33985"},"summary":{"title":"FreeRDP: ClearCodec Glyph Cache Count Desync - Heap OOB Read","description":"FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data from adjacent heap memory is rendered to screen, potentially leaking sensitive data to the attacker. This issue has been patched in version 3.24.2.","state":"PUBLISHED","assigner":"GitHub_M","published_at":"2026-03-30 22:16:19","updated_at":"2026-04-01 20:01:13"},"problem_types":["CWE-125","CWE-131","CWE-125 CWE-125: Out-of-bounds Read","CWE-131 CWE-131: Incorrect Calculation of Buffer Size"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"7.1","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"}},{"version":"3.1","source":"security-advisories@github.com","type":"Secondary","score":"5.9","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"5.9","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L","data":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":5.9,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L","version":"3.1"}}],"references":[{"url":"https://github.com/FreeRDP/FreeRDP/commit/c49d1ad43b8c7b32794d0250f2623c2dccd7ef25","name":"https://github.com/FreeRDP/FreeRDP/commit/c49d1ad43b8c7b32794d0250f2623c2dccd7ef25","refsource":"security-advisories@github.com","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x6gr-8p7h-5h85","name":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x6gr-8p7h-5h85","refsource":"security-advisories@github.com","tags":["Patch","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-33985","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33985","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"FreeRDP","product":"FreeRDP","version":"affected < 3.24.2","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2026","cve_id":"33985","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"freerdp","cpe5":"freerdp","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"33985","cve":"CVE-2026-33985","epss":"0.000440000","percentile":"0.133060000","score_date":"2026-04-07","updated_at":"2026-04-08 00:03:40"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-33985","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-03-31T18:50:32.422828Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-03-31T18:53:29.979Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"FreeRDP","vendor":"FreeRDP","versions":[{"status":"affected","version":"< 3.24.2"}]}],"descriptions":[{"lang":"en","value":"FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data from adjacent heap memory is rendered to screen, potentially leaking sensitive data to the attacker. This issue has been patched in version 3.24.2."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":5.9,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-125","description":"CWE-125: Out-of-bounds Read","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-131","description":"CWE-131: Incorrect Calculation of Buffer Size","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-03-30T21:43:13.335Z","orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M"},"references":[{"name":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x6gr-8p7h-5h85","tags":["x_refsource_CONFIRM"],"url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x6gr-8p7h-5h85"},{"name":"https://github.com/FreeRDP/FreeRDP/commit/c49d1ad43b8c7b32794d0250f2623c2dccd7ef25","tags":["x_refsource_MISC"],"url":"https://github.com/FreeRDP/FreeRDP/commit/c49d1ad43b8c7b32794d0250f2623c2dccd7ef25"}],"source":{"advisory":"GHSA-x6gr-8p7h-5h85","discovery":"UNKNOWN"},"title":"FreeRDP: ClearCodec Glyph Cache Count Desync - Heap OOB Read"}},"cveMetadata":{"assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","assignerShortName":"GitHub_M","cveId":"CVE-2026-33985","datePublished":"2026-03-30T21:43:13.335Z","dateReserved":"2026-03-24T22:20:06.211Z","dateUpdated":"2026-03-31T18:53:29.979Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-03-30 22:16:19","lastModifiedDate":"2026-04-01 20:01:13","problem_types":["CWE-125","CWE-131","CWE-125 CWE-125: Out-of-bounds Read","CWE-131 CWE-131: Incorrect Calculation of Buffer Size"],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.2}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*","versionEndExcluding":"3.24.2","matchCriteriaId":"03FF152C-C651-4586-8958-1555D9797516"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"33985","Ordinal":"1","Title":"FreeRDP: ClearCodec Glyph Cache Count Desync - Heap OOB Read","CVE":"CVE-2026-33985","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"33985","Ordinal":"1","NoteData":"FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data from adjacent heap memory is rendered to screen, potentially leaking sensitive data to the attacker. This issue has been patched in version 3.24.2.","Type":"Description","Title":"FreeRDP: ClearCodec Glyph Cache Count Desync - Heap OOB Read"}]}}}