{
  "threat_severity" : "Important",
  "public_date" : "2026-03-30T21:43:21Z",
  "bugzilla" : {
    "description" : "FreeRDP: Arbitrary code execution or denial of service via H.264 codec memory allocation vulnerability",
    "id" : "2453221",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2453221"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-131",
  "details" : [ "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in yuv_ensure_buffer() in libfreerdp/codec/h264.c, h264->width and h264->height are updated before the reallocation loop. If any winpr_aligned_recalloc() call fails, the function returns FALSE but width/height are already inflated. This issue has been patched in version 3.24.2.", "A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A remote attacker could exploit a memory allocation vulnerability in the H.264 codec by enticing a user to connect to a malicious server. This flaw occurs when internal buffer dimensions are incorrectly updated after a failed memory reallocation, potentially leading to a heap-based buffer overflow. Successful exploitation could result in arbitrary code execution or a denial of service (DoS), compromising the availability, integrity, and confidentiality of the affected system." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "freerdp",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "freerdp",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "freerdp",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "freerdp",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "freerdp",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-33986\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-33986\nhttps://github.com/FreeRDP/FreeRDP/commit/f6e43e208958140074ae9bb93cd0c9045a371c77\nhttps://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h6qw-wxvm-hf97" ],
  "name" : "CVE-2026-33986",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}