PT-2026-2930 · Freerdp+3 · Freerdp+3

Ehdgks0627

·

Published

2026-01-01

·

Updated

2026-04-07

·

CVE-2026-22852

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.20.1
Description A malicious RDP server can cause a heap-buffer-overflow write in the FreeRDP client when processing Audio Input (AUDIN) format lists. The audin process formats function reuses the callback->formats count variable across multiple MSG SNDIN FORMATS Protocol Data Units (PDUs), leading to a write beyond the bounds of the newly allocated formats array and resulting in memory corruption and a crash.
Recommendations Update to version 3.20.1 or later.

Exploit

Fix

Memory Corruption

Weakness Enumeration

CWE-787

Related Identifiers

ALSA-2026:6340
ALSA-2026:6799
ALSA-2026:6918
BDU:2026-00624
CVE-2026-22852
GHSA-9CHC-G79V-4QQ4
MGASA-2026-0086
OESA-2026-1516
OESA-2026-1517
OESA-2026-1518
OESA-2026-1519
OESA-2026-1520
OESA-2026-1521
OPENSUSE-SU-2026:10059-1
OPENSUSE-SU-2026:10176-1
OPENSUSE-SU-2026:20320-1
OPENSUSE-SU-2026:20339-1
RHSA-2026:10076
RHSA-2026:10734
RHSA-2026:10735
RHSA-2026:10951
RHSA-2026:11323
RHSA-2026:19033
RHSA-2026:6340
RHSA-2026:6727
RHSA-2026:6743
RHSA-2026:6799
RHSA-2026:6918
RHSA-2026:6958
RHSA-2026:9640
RHSA-2026:9641
SUSE-SU-2026:0345-1
SUSE-SU-2026:0417-1
SUSE-SU-2026:0421-1
SUSE-SU-2026:0449-1
SUSE-SU-2026:0559-1
USN-8105-1

Affected Products

Freerdp
Linuxmint
Rocky Linux
Ubuntu