CVE-2026-33977

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.24.2

Description FreeRDP is a free implementation of the Remote Desktop Protocol. A malicious Remote Desktop Protocol (RDP) server can cause a FreeRDP client to crash by sending audio data in IMA ADPCM format with an invalid initial step index value (greater than or equal to 89). The unvalidated step index is read directly from the network and used to index into a lookup table, triggering a failure and process termination. This affects any FreeRDP client with audio redirection (RDPSND) enabled, which is the default configuration.

Recommendations Update to FreeRDP version 3.24.2 or later.