NIXPKGS-2026-0854

GitHub issue published on

Permalink CVE-2026-33985

5.9 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): None (N)
Availability (A): Low (L)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

updated 1 month, 4 weeks ago by @mweinelt Activity log

Created suggestion 1 month, 4 weeks ago
@mweinelt accepted 1 month, 4 weeks ago
@mweinelt published on GitHub 1 month, 4 weeks ago

FreeRDP: ClearCodec Glyph Cache Count Desync - Heap OOB Read

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data from adjacent heap memory is rendered to screen, potentially leaking sensitive data to the attacker. This issue has been patched in version 3.24.2.

References

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x6gr-8p7h-5h85 x_refsource_CONFIRM
https://github.com/FreeRDP/FreeRDP/commit/c49d1ad43b8c7b32794d0250f2623c2dccd7ef25 x_refsource_MISC

Affected products

FreeRDP

==< 3.24.2

Matching in nixpkgs

pkgs.freerdp

Remote Desktop Protocol Client

nixos-unstable 3.24.1
- nixpkgs-unstable 3.24.1
- nixos-unstable-small 3.24.2
nixos-25.11 3.23.0
- nixos-25.11-small 3.23.0
- nixpkgs-25.11-darwin 3.23.0

Package maintainers

@peterhoeg Peter Hoeg <peter@hoeg.com>

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x6gr-8p7h-5h85

Nixpkgs security tracker

Details of issue NIXPKGS-2026-0854

References

Affected products

Matching in nixpkgs

pkgs.freerdp

Package maintainers