CVE-2026-24676

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-24676
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-24676.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-24676
Aliases
  • GHSA-qh5p-frq4-pgxj
Downstream
Related
Published
2026-02-09T18:15:33.646Z
Modified
2026-04-12T15:43:49.275900Z
Severity
  • 7.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
FreeRDP has a heap-use-after-free in audio_format_compatible
Details

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, AUDIN format renegotiation frees the active format list while the capture thread continues using audin->format, leading to a use after free in audioformatcompatible. This vulnerability is fixed in 3.22.0.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-416"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/24xxx/CVE-2026-24676.json",
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "fixed": "3.22.0"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/freerdp/freerdp

Affected ranges

Type
GIT
Repo
https://github.com/freerdp/freerdp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
e3ef4c71138f76516299cb3637d2d0c59b2a3737
Fixed
026b81ae5831ac1598d8f7371e0d0996fac7db00
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.22.0"
        }
    ]
}

Affected versions

1.*
1.0-beta1
1.0-beta2
1.0-beta4
1.0-beta5
1.0.0
1.0.1
1.1.0-beta+2013071101
1.1.0-beta1
1.1.0-beta1+android2
1.1.0-beta1+android3
1.1.0-beta1+android4
1.1.0-beta1+android5
1.1.0-beta1+ios1
1.1.0-beta1+ios2
1.1.0-beta1+ios3
1.1.0-beta1+ios4
1.2.0-beta1+android7
1.2.0-beta1+android9
2.*
2.0.0
2.0.0-beta1+android10
2.0.0-beta1+android11
2.0.0-rc0
2.0.0-rc1
2.0.0-rc2
2.0.0-rc3
2.0.0-rc4
3.*
3.0.0
3.0.0-beta1
3.0.0-beta2
3.0.0-beta3
3.0.0-beta4
3.0.0-rc0
3.1.0
3.2.0
3.3.0
3.4.0
3.5.0
3.5.1

Database specific

vanir_signatures_modified 
"2026-04-12T15:43:49Z"
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-24676.json"
vanir_signatures 
[
    {
        "target": {
            "file": "channels/audin/client/audin_main.c"
        },
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "148240311658560707645199214846341022933",
                "8710622865407473604928989419711288200",
                "168573012978696353182608825225837988647",
                "170680877978235688099648866790278433966",
                "215700879577111523408339839705673344285",
                "86669764867867518855044324618277497127",
                "239655849859294755658804305011040929796"
            ]
        },
        "id": "CVE-2026-24676-5ebfe3b8",
        "source": "https://github.com/freerdp/freerdp/commit/026b81ae5831ac1598d8f7371e0d0996fac7db00",
        "signature_type": "Line"
    },
    {
        "target": {
            "function": "audin_process_formats",
            "file": "channels/audin/client/audin_main.c"
        },
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 2081.0,
            "function_hash": "11369480747779802543627970852397328382"
        },
        "id": "CVE-2026-24676-b9bd186e",
        "source": "https://github.com/freerdp/freerdp/commit/026b81ae5831ac1598d8f7371e0d0996fac7db00",
        "signature_type": "Function"
    }
]