UBUNTU-CVE-2026-33987 | Mondoo Vulnerability Intelligence

UBUNTU-CVE-2026-33987

HIGH7.1

Published Mar 30, 2026

Modified 4 days ago

Details

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in persistent_cache_read_entry_v3() in libfreerdp/cache/persistent.c, persistent->bmpSize is updated before winpr_aligned_recalloc(). If realloc fails, bmpSize is inflated while bmpData points to the old buffer. This issue has been patched in version 3.24.2.

Affected Packages

freerdp

Ubuntu 16.04 LTS

Affected versions:

1.1.0~git20140921.1.440916e+dfsg1-5ubuntu11.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.21.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.31.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4

freerdp

Ubuntu 18.04 LTS

Affected versions:

1.1.0~git20140921.1.440916e+dfsg1-15ubuntu11.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.11.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2

freerdp2

Ubuntu 22.04 LTS

Affected versions:

2.3.0+dfsg1-2build12.3.0+dfsg1-2ubuntu12.3.0+dfsg1-2ubuntu22.4.1+dfsg1-12.4.1+dfsg1-1ubuntu12.4.1+dfsg1-1ubuntu22.5.0+dfsg1-12.6.0+dfsg1-12.6.1+dfsg1-12.6.1+dfsg1-3+12 more

freerdp3

Ubuntu 24.04 LTS

Affected versions:

3.4.0+dfsg1-0ubuntu23.4.0+dfsg1-0ubuntu33.4.0+dfsg1-0ubuntu43.5.0+dfsg1-0ubuntu13.5.1+dfsg1-0ubuntu13.5.1+dfsg1-0ubuntu1.13.5.1+dfsg1-0ubuntu1.23.5.1+dfsg1-0ubuntu1.43.5.1+dfsg1-0ubuntu1.5

freerdp3

Ubuntu 25.10

Affected versions:

3.14.0+dfsg-1ubuntu13.15.0+dfsg-2.13.16.0+dfsg-1ubuntu13.16.0+dfsg-23.16.0+dfsg-2ubuntu0.13.16.0+dfsg-2ubuntu0.33.16.0+dfsg-2ubuntu0.4

freerdp2

Ubuntu Pro 18.04 LTS

Affected versions:

2.0.0~git20170725.1.1648deb+dfsg1-12.0.0~git20170725.1.1648deb+dfsg1-52.0.0~git20170725.1.1648deb+dfsg1-5ubuntu12.0.0~git20170725.1.1648deb+dfsg1-5ubuntu22.0.0~git20170725.1.1648deb+dfsg1-62.0.0~git20170725.1.1648deb+dfsg1-6build12.0.0~git20170725.1.1648deb+dfsg1-72.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.12.1.1+dfsg1-0ubuntu0.18.04.12.2.0+dfsg1-0ubuntu0.18.04.1+8 more

freerdp2

Ubuntu Pro 20.04 LTS

Affected versions:

2.0.0~git20190204.1.2693389a+dfsg1-12.0.0~git20190204.1.2693389a+dfsg1-22.0.0~git20190204.1.2693389a+dfsg1-2build12.0.0~git20190204.1.2693389a+dfsg1-2build22.1.1+dfsg1-0ubuntu0.20.04.12.2.0+dfsg1-0ubuntu0.20.04.12.2.0+dfsg1-0ubuntu0.20.04.22.2.0+dfsg1-0ubuntu0.20.04.32.2.0+dfsg1-0ubuntu0.20.04.42.2.0+dfsg1-0ubuntu0.20.04.5+6 more

freerdp2

Ubuntu Pro 24.04 LTS

Affected versions:

2.10.0+dfsg1-1.1ubuntu12.11.2+dfsg1-12.11.2+dfsg1-1build12.11.2+dfsg1-1build32.11.5+dfsg1-1build12.11.5+dfsg1-1build22.11.5+dfsg1-1ubuntu0.1~esm12.11.5+dfsg1-1ubuntu0.1~esm22.11.5+dfsg1-1ubuntu0.1~esm32.11.5+dfsg1-1ubuntu0.1~esm4+1 more

References

REPORT

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-ff8h-p5vc-wcwc

REPORT

https://ubuntu.com/security/CVE-2026-33987

REPORT

https://www.cve.org/CVERecord?id=CVE-2026-33987

CVSS Analysis

CVSS v3.1

Exploitability

Attack Vector

LocalAV:L