Heap-based buffer overflow in FreeRDP - #VU136923

 

Heap-based buffer overflow in FreeRDP - #VU136923

Published: July 6, 2026


Vulnerability identifier: #VU136923
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: N/A
CWE-ID: CWE-122
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: FreeRDP
Affected software:
FreeRDP

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to a heap-based buffer overflow in freerdp_dsp_decode_opus in libfreerdp/codec/dsp.c when decoding a server-supplied Opus wave PDU on the rdpsnd audio channel. A remote attacker can send a specially crafted Opus audio packet to execute arbitrary code.

Only clients built with WITH_OPUS enabled and without the FFmpeg DSP backend are vulnerable. User interaction is limited to connecting to the server with audio redirection active.


Remediation

Install security update from vendor's website.

Sources