PT-2026-7039 · Freerdp+2

Ehdgks0627 · Published 2026-01-01 · Updated 2026-03-10 · CVE-2026-24680

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions
FreeRDP versions prior to 3.22.0

Description
FreeRDP, a free implementation of the Remote Desktop Protocol, contains a flaw related to memory management. Specifically, versions before 3.22.0 improperly handle memory deallocation within the sdl_Pointer_New function. When that function fails, pointer_free subsequently calls sdl_Pointer_Free, leading to a double-free condition. AddressSanitizer (ASan) reports this double free as a use-after-free (UAF) error.

Recommendations
Update to version 3.22.0 or later.
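
The failure path in the description, as an added example that is not FreeRDP's code: a New callback that releases its buffer on error but keeps the stale pointer, followed by the cleanup call to Free, shown beside a single-owner form. The demo_ names, the struct and the tracked allocator are hypothetical; the allocator counts a second release instead of performing it, and the hardened form is one possible approach, not necessarily the upstream change.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the pointer object; not FreeRDP's real type. */
typedef struct { void *data; } demo_pointer;

static void *live_block;  /* the one outstanding allocation, NULL once released */
static int double_frees;  /* second releases are counted, never performed */

static void *tracked_alloc(size_t n) { return live_block = malloc(n); }

static void tracked_free(void *p) {
    if (!p) return;                                  /* free(NULL) is a no-op */
    if (p != live_block) { double_frees++; return; } /* already released */
    free(p);
    live_block = NULL;
}

/* Free callback reached from the generic cleanup path after New fails. */
static void demo_Pointer_Free(demo_pointer *ptr) {
    tracked_free(ptr->data);
    ptr->data = NULL;
}

/* Vulnerable shape: the error path releases data but keeps the stale pointer. */
static bool demo_Pointer_New_vuln(demo_pointer *ptr, bool fail) {
    if (!(ptr->data = tracked_alloc(64))) return false;
    if (fail) { tracked_free(ptr->data); return false; }
    return true;
}

/* Hardened shape: a single owner; the error path leaves release to Free. */
static bool demo_Pointer_New_fixed(demo_pointer *ptr, bool fail) {
    if (!(ptr->data = tracked_alloc(64))) return false;
    return !fail;
}

/* Force New to fail, run cleanup, return how many double frees were attempted. */
static int double_frees_after_failed_new(bool (*ctor)(demo_pointer *, bool)) {
    demo_pointer p = { NULL };
    double_frees = 0;
    if (!ctor(&p, true)) demo_Pointer_Free(&p);
    return double_frees;
}

int main(void) {
    printf("vulnerable: %d\n", double_frees_after_failed_new(demo_Pointer_New_vuln));
    printf("hardened:   %d\n", double_frees_after_failed_new(demo_Pointer_New_fixed));
    return 0;
}
```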

Exploit

Fix

Use After Free


Weakness Enumeration

Related Identifiers

BDU:2026-06516
CVE-2026-24680
GHSA-J893-9WG8-33RC
MGASA-2026-0046
OPENSUSE-SU-2026:10132-1
OPENSUSE-SU-2026:20339-1
SUSE-SU-2026:0763-1
USN-8042-1

Affected Products

Freerdp
Linuxmint
Ubuntu