Vulnerability in FreeRDP
CVE-2026-33977
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP server can crash the FreeRDP client by sending audio data in IMA ADPCM format with an invalid initial step index value (>= 89). The u…
EPSS: 0.001 (21.9th percentile)
Affected products
- FreeRDP — versions < 3.24.2
Weakness classification (CWE)
References
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8f2g-3q27-6xm5 (x_refsource_CONFIRM)
- https://github.com/FreeRDP/FreeRDP/commit/9be3f03d94a50892fd58a9f7dee72b2313c69b47 (x_refsource_MISC)