CVE-2026-24680

Published: Feb 9, 2026

Modified: Feb 10, 2026

PUBLISHED

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, sdl_Pointer_New frees data on failure, then pointer_free calls sdl_Pointer_Free and frees it again, triggering ASan UAF. This vulnerability is fixed in 3.22.0.

Vendor	Product	Versions
FreeRDP	FreeRDP	affected `< 3.22.0`

Weaknesses (CWE)

CWE-416

References

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-j893-9wg8-33rc

x_refsource_CONFIRM

https://github.com/FreeRDP/FreeRDP/commit/c42ecbd183b001e76bfc3614cddfad0034acc758

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-24680

Description

Affected Products

Weaknesses (CWE)

References