Heap-based buffer overflow in FreeRDP - #VU136923
Published: July 6, 2026
FreeRDP
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to a heap-based buffer overflow in freerdp_dsp_decode_opus in libfreerdp/codec/dsp.c when decoding a server-supplied Opus wave PDU on the rdpsnd audio channel. A remote attacker can send a specially crafted Opus audio packet to execute arbitrary code.
Only clients built with WITH_OPUS enabled and without the FFmpeg DSP backend are vulnerable. User interaction is limited to connecting to the server with audio redirection active.