CVE-2026-24677

CVSS v2.0

9.4

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:C

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.22.0

Description FreeRDP, a Remote Desktop Protocol implementation, contains a flaw in the ecam encoder compress h264 component. The component does not properly validate the source buffer size and relies on dimensions provided by the server, resulting in a potential out-of-bounds read when using the sws scale function.

Recommendations Update to version 3.22.0 or later.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2026-06518

CVE-2026-24677

GHSA-XW37-J744-F8V7

MGASA-2026-0046

OPENSUSE-SU-2026:10132-1

OPENSUSE-SU-2026:20339-1

SUSE-SU-2026:0763-1

USN-8042-1

Affected Products

Freerdp

Linuxmint

Ubuntu

CVE-2026-24677

Weakness Enumeration

Related Identifiers

Affected Products

References · 130