Main Vulnerability Database Vulnerabilities #VU125358

#VU125358 Heap-based buffer overflow in FreeRDP - CVE-2026-31883

Published: April 8, 2026

Vulnerability identifier: #VU125358

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2026-31883

CWE-ID: CWE-122

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
FreeRDP

Software vendor:
FreeRDP

Description

The vulnerability allows a remote attacker to overwrite heap memory.

The vulnerability exists due to a heap-based buffer overflow in the IMA-ADPCM and MS-ADPCM audio decoders in libfreerdp/codec/dsp.c when processing crafted RDPSND audio format and wave data. A remote attacker can send specially crafted RDPSND audio data to overwrite heap memory.

Audio data is processed automatically during an RDP session when RDPSND is negotiated.

Remediation

Install security update from vendor's website.

External links

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-85x9-4xxp-xhm5

#VU125358 Heap-based buffer overflow in FreeRDP - CVE-2026-31883

Description

Remediation

External links

Please verify you're human