Division by zero in FreeRDP - #VU137840
Published: July 16, 2026
FreeRDP
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to divide by zero in ecam_encoder_context_init() when processing a StartStreamsRequest PDU containing a server-controlled frame-rate denominator. A remote attacker can send a specially crafted StartStreamsRequest PDU to cause a denial of service.
User interaction is required because the victim must connect to a malicious or compromised RDP server with camera redirection enabled.