QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2026-25997

Back to search

CVE-2026-25997

Published: Feb 25, 2026

Modified: Feb 25, 2026

PUBLISHED

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_clipboard_format_equal` reads freed `lastSentFormats` memory because `xf_clipboard_formats_free` (called from the cliprdr channel thread during auto-reconnect) frees the array while the X11 event thread concurrently iterates it in `xf_clipboard_changed`, triggering a heap use after free. Version 3.23.0 fixes the issue.

VendorProductVersions

FreeRDP

FreeRDP

affected
< 3.23.0

Weaknesses (CWE)

CWE-416

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now