CVE-2026-24682

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-24682
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-24682.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-24682
Aliases
  • GHSA-vcw2-pqgw-mx6g
Downstream
Related
Published
2026-02-09T18:21:39.733Z
Modified
2026-04-12T15:43:50.849475Z
Severity
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
FreeRDP has a Heap-buffer-overflow in audio_formats_free
Details

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audinserverrecvformats frees an incorrect number of audio formats on parse failure (i + i), leading to out-of-bounds access in audioformats_free. This vulnerability is fixed in 3.22.0.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-122"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/24xxx/CVE-2026-24682.json",
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "fixed": "3.22.0"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/freerdp/freerdp

Affected ranges

Type
GIT
Repo
https://github.com/freerdp/freerdp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
e3ef4c71138f76516299cb3637d2d0c59b2a3737
Fixed
1c5c74223179d425a1ce6dbbb6a3dd2a958b7aee
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.22.0"
        }
    ]
}

Affected versions

1.*
1.0-beta1
1.0-beta2
1.0-beta4
1.0-beta5
1.0.0
1.0.1
1.1.0-beta+2013071101
1.1.0-beta1
1.1.0-beta1+android2
1.1.0-beta1+android3
1.1.0-beta1+android4
1.1.0-beta1+android5
1.1.0-beta1+ios1
1.1.0-beta1+ios2
1.1.0-beta1+ios3
1.1.0-beta1+ios4
1.2.0-beta1+android7
1.2.0-beta1+android9
2.*
2.0.0
2.0.0-beta1+android10
2.0.0-beta1+android11
2.0.0-rc0
2.0.0-rc1
2.0.0-rc2
2.0.0-rc3
2.0.0-rc4
3.*
3.0.0
3.0.0-beta1
3.0.0-beta2
3.0.0-beta3
3.0.0-beta4
3.0.0-rc0
3.1.0
3.2.0
3.3.0
3.4.0
3.5.0
3.5.1

Database specific

vanir_signatures_modified 
"2026-04-12T15:43:50Z"
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-24682.json"
vanir_signatures 
[
    {
        "target": {
            "file": "channels/audin/server/audin.c"
        },
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "115483361731204369943809826841946873323",
                "255061465972597120109934512573036033820",
                "140694087973594708718395905318047914272",
                "230500096196630946192198109835561829761",
                "112302090591901991419983042215615838365",
                "198342776683166707256018834413320422390",
                "32516621872820609246945723932104021902",
                "259543496988112955242399020880080169915"
            ]
        },
        "id": "CVE-2026-24682-31df9405",
        "source": "https://github.com/freerdp/freerdp/commit/1c5c74223179d425a1ce6dbbb6a3dd2a958b7aee",
        "signature_type": "Line"
    },
    {
        "target": {
            "function": "audin_server_recv_formats",
            "file": "channels/audin/server/audin.c"
        },
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 1845.0,
            "function_hash": "165647036063939690028294055246214350308"
        },
        "id": "CVE-2026-24682-c35348d7",
        "source": "https://github.com/freerdp/freerdp/commit/1c5c74223179d425a1ce6dbbb6a3dd2a958b7aee",
        "signature_type": "Function"
    }
]