CVE-2026-33986 in FreeRDPinfo

Summary

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in yuv_ensure_buffer() in libfreerdp/codec/h264.c, h264->width and h264->height are updated before the reallocation loop. If any winpr_aligned_recalloc() call fails, the function returns FALSE but width/height are already inflated. This issue has been patched in version 3.24.2.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Responsible

GitHub_M

Reservation

03/24/2026

Disclosure

03/31/2026

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
354277	FreeRDP h264.c yuv_ensure_buffer heap-based overflow	122	Not defined	Official fix	CVE-2026-33986

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Do you need the next level of professionalism?

Upgrade your account now!