CVE-2026-24684

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave. This vulnerability is fixed in 3.22.0.

Database specific

{
    "cwe_ids": [
        "CWE-416"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/24xxx/CVE-2026-24684.json"
}

References

Affected packages

Git / github.com/freerdp/freerdp

Affected ranges

Type: GIT
Repo: https://github.com/freerdp/freerdp
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e3ef4c71138f76516299cb3637d2d0c59b2a3737

Affected versions

1.*

1.0-beta1

1.0-beta2

1.0-beta3

1.0-beta4

1.0-beta5

1.0.0

1.0.1

1.1.0-beta+2013071101

1.1.0-beta1

1.1.0-beta1+android2

1.1.0-beta1+android3

1.1.0-beta1+android4

1.1.0-beta1+android5

1.1.0-beta1+ios1

1.1.0-beta1+ios2

1.1.0-beta1+ios3

1.1.0-beta1+ios4

1.2.0-beta1+android7

1.2.0-beta1+android9

2.*

2.0.0

2.0.0-beta1+android10

2.0.0-beta1+android11

2.0.0-rc0

2.0.0-rc1

2.0.0-rc2

2.0.0-rc3

2.0.0-rc4

3.*

3.0.0

3.0.0-beta1

3.0.0-beta2

3.0.0-beta3

3.0.0-beta4

3.0.0-rc0

3.1.0

3.10.0

3.10.1

3.10.2

3.10.3

3.11.0

3.11.1

3.12.0

3.13.0

3.14.0

3.14.1

3.15.0

3.16.0

3.17.0

3.17.1

3.17.2

3.18.0

3.19.0

3.19.1

3.2.0

3.20.0

3.20.1

3.20.2

3.21.0

3.3.0

3.4.0

3.5.0

3.5.1

3.6.0

3.6.1

3.6.2

3.6.3

3.7.0

3.9.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-24684.json"