CVE-2026-24677Use After Free in Freerdp

CWE-416Use After FreeCWE-825Expired Pointer Dereference8 documents7 sources
Severity
8.7HIGHNVD
OSV6.9
EPSS
0.0%
top 93.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
FreerdpDebian Freerdp2Debian Freerdp3
Timeline
PublishedFeb 9
Latest updateFeb 16

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, ecam_encoder_compress_h264 trusts server-controlled dimensions and does not validate the source buffer size, leading to an out-of-bounds read in sws_scale. This vulnerability is fixed in 3.22.0.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages4 packages

CVEListV5freerdp/freerdp< 3.22.0
NVDfreerdp/freerdp< 3.22.0
debiandebian/freerdp2< freerdp3 3.22.0+dfsg-1 (forky)
debiandebian/freerdp3< freerdp3 3.22.0+dfsg-1 (forky)

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
OSV
freerdp2, freerdp3 vulnerabilities2026-02-16
OSV
CVE-2026-24677: FreeRDP is a free implementation of the Remote Desktop Protocol2026-02-09
CVEList
FreeRDP has a heap-buffer-overflow in ecam_encoder_compress_h2642026-02-09

📋Vendor Advisories

3
Ubuntu
FreeRDP vulnerabilities2026-02-16
Red Hat
freerdp: FreeRDP has a heap-buffer-overflow in ecam_encoder_compress_h2642026-02-09
Debian
CVE-2026-24677: freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-24677 Impact, Exploitability, and Mitigation Steps | Wiz