CVE-2026-24684

High CVSS: 8.7

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsnd_treat_wave. This vulnerability is fixed in 3.22.0.

Vendor

Freerdp

Product

Freerdp

CWE

CWE-416

Yayın Tarihi

2026-02-09 19:15:50

Güncelleme

2026-02-10 15:02:32

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-416 Freerdp HIGH Freerdp 2026

Referanslar

https://github.com/FreeRDP/FreeRDP/commit/622bb7b4402491ca003f47472d0e478132673696 https://github.com/FreeRDP/FreeRDP/commit/afa6851dc80835d3101e40fcef51b6c5c0f43ea5 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vcgv-xgjp-h83q

Benzer Kayıtlar

High

CVE-2026-33987

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in persistent_cache_read_entry…

Medium

CVE-2026-33995

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a double-free vulnerability in…

Medium

CVE-2026-33977

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP server can cra…

High

CVE-2026-33982

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, there is a heap-buffer-overflo…

Medium

CVE-2026-33983

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, progressive_decompress_tile_up…

High

CVE-2026-33984

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in resize_vbar_entry() in libf…