CVE-2026-24684 — Use After Free in Freerdp

CWE-416 — Use After Free CWE-131 — Incorrect Calculation of Buffer Size8 documents7 sources

Severity

8.7HIGHNVD

OSV6.9

EPSS

0.0%

top 95.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freerdp Debian Freerdp2 Debian Freerdp3

Timeline

PublishedFeb 9

Latest updateFeb 16

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsnd_treat_wave. This vulnerability is fixed in 3.22.0.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages3 packages

▶NVDfreerdp/freerdp< 3.22.0

▶debiandebian/freerdp2< freerdp3 3.22.0+dfsg-1 (forky)

▶debiandebian/freerdp3< freerdp3 3.22.0+dfsg-1 (forky)

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

freerdp2, freerdp3 vulnerabilities↗2026-02-16

▶

OSV

CVE-2026-24684: FreeRDP is a free implementation of the Remote Desktop Protocol↗2026-02-09

▶

📋Vendor Advisories

Ubuntu

FreeRDP vulnerabilities↗2026-02-16

▶

Red Hat

freerdp: FreeRDP has a Heap-use-after-free in play_thread↗2026-02-09

▶

Debian

CVE-2026-24684: freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-24684 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

💬Community

Bugzilla

CVE-2026-24684 freerdp: FreeRDP has a Heap-use-after-free in play_thread↗2026-02-09

▶