CVE-2026-24684

Source
https://cve.org/CVERecord?id=CVE-2026-24684
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-24684.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-24684
Aliases
  • GHSA-vcgv-xgjp-h83q
Downstream
Related
Published
2026-02-09T18:23:02.882Z
Modified
2026-04-17T13:29:13.075219262Z
Severity
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Summary
FreeRDP has a Heap-use-after-free in play_thread
Details

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use-after-free in rdpsnd_treat_wave. This vulnerability is fixed in 3.22.0.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-416"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/24xxx/CVE-2026-24684.json"
}
References

Affected packages

Git / github.com/freerdp/freerdp

Affected ranges

Type
GIT
Repo
https://github.com/freerdp/freerdp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.22.0"
        }
    ]
}

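Affected versions (the enumerated tags below stop at 3.5.1 and appear incomplete; per the range above, every release before 3.22.0 is affected)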

1.*
1.0-beta1
1.0-beta2
1.0-beta4
1.0-beta5
1.0.0
1.0.1
1.1.0-beta+2013071101
1.1.0-beta1
1.1.0-beta1+android2
1.1.0-beta1+android3
1.1.0-beta1+android4
1.1.0-beta1+android5
1.1.0-beta1+ios1
1.1.0-beta1+ios2
1.1.0-beta1+ios3
1.1.0-beta1+ios4
1.2.0-beta1+android7
1.2.0-beta1+android9
2.*
2.0.0
2.0.0-beta1+android10
2.0.0-beta1+android11
2.0.0-rc0
2.0.0-rc1
2.0.0-rc2
2.0.0-rc3
2.0.0-rc4
3.*
3.0.0
3.0.0-beta1
3.0.0-beta2
3.0.0-beta3
3.0.0-beta4
3.0.0-rc0
3.1.0
3.2.0
3.3.0
3.4.0
3.5.0
3.5.1

Database specific

vanir_signatures
[
    {
        "id": "CVE-2026-24684-04dc054f",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "320311572097518780728811796690758624893",
                "63313115906129110613603736074651103162",
                "252995033149960371784854936696007224435",
                "251892371072136559332524716841156107958",
                "19719109656483084241409752858554859877",
                "194003495590992766253364700688203607408",
                "68193414474714796645160746510110314578",
                "96242589276501001945860564685030044658",
                "16369215670143458953019668364696418258",
                "52269026402565284959146308168088438373",
                "45926920002663016220376242714041135741",
                "115646349199840449234854566762657693779",
                "318604811723192121977739358298625990627",
                "197597468398426326336576493574895798418",
                "154085855765673830825964478243039658654",
                "232723898879576843949616419237326401151",
                "155229659246709589556589146951976802594",
                "322361078014306657792487772276356779078"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "channels/rdpsnd/client/rdpsnd_main.c"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/freerdp/freerdp/commit/622bb7b4402491ca003f47472d0e478132673696"
    },
    {
        "id": "CVE-2026-24684-412b0b48",
        "signature_type": "Function",
        "digest": {
            "function_hash": "187287917228835741502996038007000049623",
            "length": 458.0
        },
        "target": {
            "file": "channels/rdpsnd/client/rdpsnd_main.c",
            "function": "rdpsnd_on_close"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/freerdp/freerdp/commit/afa6851dc80835d3101e40fcef51b6c5c0f43ea5"
    },
    {
        "id": "CVE-2026-24684-442c31a4",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "158650745859759538054732966642555715374",
                "220059047031435644099739552675008857830",
                "149061543304787094717167172588115782651",
                "231640037708081795038030515063324617042",
                "27751596767051797689032896070749254005",
                "106655397373767393942279322500654436708",
                "170603701570050298245184642344954324562",
                "283503911995970019461531422971657018428",
                "199563303827472367387699989529099444094",
                "151920330953649600554434681078166696684",
                "308263786415631785324696121749277541150",
                "272786670312294928299009176140057395693",
                "192525922363290299890118614211487125924",
                "263850499216555546488950018253922783287",
                "192180000512607345559678858240692204346",
                "14699380546755582834839524069987099867",
                "53119164772464150795571683720100811188",
                "234001515290492960903140451474802789906",
                "322220897468406570225906618241032454072",
                "302289110314026473955365982036701975464",
                "40730029168693483988935596252225154217",
                "304024487441903598773484435594034287126",
                "92529018036430510866012033169494418713",
                "58280072216853016401122820669502830895",
                "294575685537791690108662010230703767269",
                "74440445656508029343318275492637957002",
                "177812014825339048525659459548572616578",
                "140203262742005519881358572680483981554",
                "59713215711525325236509902919812135959",
                "257995105886385890001320079515517469397",
                "117241529810881388551491823779495925199",
                "156243537217900099081252868300914332846",
                "236557653387658253561487188191732902453",
                "54781338199766080718002914867799947751",
                "155097969460831352884279245463850283050",
                "218494638415341617319678628656091589688",
                "128649465430073207204889883518658547202",
                "142740948579247526669635837961699777991",
                "109409051761415260199718184190214131887",
                "279128872782703466090633407123111743383",
                "302332787310250496116188001549063113988"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "channels/rdpsnd/client/rdpsnd_main.c"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/freerdp/freerdp/commit/afa6851dc80835d3101e40fcef51b6c5c0f43ea5"
    },
    {
        "id": "CVE-2026-24684-520138e4",
        "signature_type": "Function",
        "source": "https://github.com/freerdp/freerdp/commit/afa6851dc80835d3101e40fcef51b6c5c0f43ea5",
        "target": {
            "file": "channels/rdpsnd/client/rdpsnd_main.c",
            "function": "cleanup_internals"
        },
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "151616889598604080158835697837567739471",
            "length": 463.0
        }
    },
    {
        "id": "CVE-2026-24684-5f2825d2",
        "signature_type": "Function",
        "source": "https://github.com/freerdp/freerdp/commit/afa6851dc80835d3101e40fcef51b6c5c0f43ea5",
        "target": {
            "file": "channels/rdpsnd/client/rdpsnd_main.c",
            "function": "rdpsnd_virtual_channel_event_initialized"
        },
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "306802294204057848151389251109194312969",
            "length": 485.0
        }
    },
    {
        "id": "CVE-2026-24684-8546c224",
        "signature_type": "Function",
        "digest": {
            "function_hash": "115192286120414010421354006218434689266",
            "length": 438.0
        },
        "target": {
            "file": "channels/rdpsnd/client/rdpsnd_main.c",
            "function": "rdpsnd_virtual_channel_event_terminated"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/freerdp/freerdp/commit/622bb7b4402491ca003f47472d0e478132673696"
    },
    {
        "id": "CVE-2026-24684-ca76cfdb",
        "signature_type": "Function",
        "digest": {
            "function_hash": "233631403432229199530818229590477307388",
            "length": 253.0
        },
        "target": {
            "file": "channels/rdpsnd/client/rdpsnd_main.c",
            "function": "rdpsnd_virtual_channel_event_terminated"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/freerdp/freerdp/commit/afa6851dc80835d3101e40fcef51b6c5c0f43ea5"
    },
    {
        "id": "CVE-2026-24684-dc9e369b",
        "signature_type": "Function",
        "source": "https://github.com/freerdp/freerdp/commit/afa6851dc80835d3101e40fcef51b6c5c0f43ea5",
        "target": {
            "file": "channels/rdpsnd/client/rdpsnd_main.c",
            "function": "allocate_internals"
        },
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "function_hash": "255542198989332870352392289096625081400",
            "length": 334.0
        }
    },
    {
        "id": "CVE-2026-24684-f35b31b6",
        "signature_type": "Function",
        "digest": {
            "function_hash": "210195744027551469618217751163172847760",
            "length": 281.0
        },
        "target": {
            "file": "channels/rdpsnd/client/rdpsnd_main.c",
            "function": "free_internals"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/freerdp/freerdp/commit/afa6851dc80835d3101e40fcef51b6c5c0f43ea5"
    }
]
vanir_signatures_modified
"2026-04-16T14:50:16Z"
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-24684.json"