NIXPKGS-2026-0854

GitHub issue published on 31 Mar 2026

Permalink CVE-2026-33985

5.9 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): LOW

updated 15 hours ago by @mweinelt Activity log

Created automatic suggestion 1 day ago
@mweinelt accepted 15 hours ago
@mweinelt published on GitHub 15 hours ago

FreeRDP: ClearCodec Glyph Cache Count Desync - Heap OOB Read

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data from adjacent heap memory is rendered to screen, potentially leaking sensitive data to the attacker. This issue has been patched in version 3.24.2.

References

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x6gr-8p7h-5h85 x_refsource_CONFIRM
https://github.com/FreeRDP/FreeRDP/commit/c49d1ad43b8c7b32794d0250f2623c2dccd7ef25 x_refsource_MISC

Affected products

FreeRDP

==< 3.24.2

Matching in nixpkgs

pkgs.freerdp

Remote Desktop Protocol Client

nixos-unstable 3.24.1
- nixpkgs-unstable 3.24.1
- nixos-unstable-small 3.24.2
nixos-25.11 3.23.0
- nixos-25.11-small 3.23.0
- nixpkgs-25.11-darwin 3.23.0

Package maintainers

@peterhoeg Peter Hoeg <peter@hoeg.com>

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x6gr-8p7h-5h85

Nixpkgs Security Tracker

Details of issue NIXPKGS-2026-0854

References

Affected products

Matching in nixpkgs

pkgs.freerdp

Package maintainers