Heap Buffer Overflow in FreeRDP Audio Decoders Affecting Various Versions
CVE-2026-31883

6.5 MEDIUM

Key Information:

Vendor: FreeRDP

Status
Vendor
CVE Published: 13 March 2026

What is CVE-2026-31883?

CVE-2026-31883 is a vulnerability in FreeRDP, a widely used open-source implementation of the Remote Desktop Protocol (RDP). RDP provides remote connectivity to a computer or server over a network, letting users work on their systems as if they were in front of them. The vulnerability is a heap buffer overflow in the audio decoders, specifically the IMA-ADPCM and MS-ADPCM codecs. It arises when a size calculation related to audio data underflows, leading to improper memory allocation and potentially allowing an attacker to manipulate memory. If exploited, this vulnerability could result in severe disruptions, including system crashes or the execution of arbitrary code, which poses a substantial threat to organizations relying on FreeRDP for secure remote access.
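The bug class described above (an unsigned size calculation that underflows in an ADPCM block decoder), shown as an added illustration next to a checked form. This is not FreeRDP's code and does not reproduce its actual calculation, which the page does not show. The 7-byte MS-ADPCM mono block header is an assumed layout, and the function names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Assumed layout: MS-ADPCM mono block = 7-byte header (predictor 1, delta 2,
 * two initial samples 2+2), then payload bytes holding two 4-bit samples each. */
#define MS_ADPCM_MONO_HDR 7u

/* Unchecked form: if block_len < 7 the unsigned subtraction wraps around and
 * the "sample count" becomes enormous, so a decode loop runs past the buffer. */
size_t samples_unchecked(size_t block_len)
{
    return 2u + (block_len - MS_ADPCM_MONO_HDR) * 2u;
}

/* Hardened form: validate every size before any subtraction, walk all blocks
 * (including a short trailing one), and refuse output that exceeds out_cap. */
bool adpcm_plan_output(size_t in_len, size_t block_align, size_t out_cap,
                       size_t *out_samples)
{
    size_t total = 0;

    if (block_align < MS_ADPCM_MONO_HDR)
        return false; /* also rejects 0, which would never consume input */

    while (in_len > 0) {
        size_t blk = in_len < block_align ? in_len : block_align;
        if (blk < MS_ADPCM_MONO_HDR)
            return false; /* truncated trailing block: header incomplete */

        size_t payload = blk - MS_ADPCM_MONO_HDR; /* cannot wrap now */
        if (payload > (SIZE_MAX - 2u) / 2u)
            return false; /* 2 + payload * 2 would overflow */

        size_t n = 2u + payload * 2u;
        if (n > out_cap - total)
            return false; /* would write past the output buffer */

        total += n;
        in_len -= blk;
    }
    *out_samples = total;
    return true;
}
```

A decoder that sizes its output from `adpcm_plan_output` before decoding rejects undersized or truncated blocks instead of deriving a wrapped length from them.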

Potential impact of CVE-2026-31883

  1. System Compromise: Exploiting this vulnerability could allow attackers to execute arbitrary code, leading to unauthorized access or control of sensitive systems. This could enable the installation of malware or the extraction of confidential information.

  2. Denial of Service: The nature of the heap buffer overflow could lead to situations where affected services or systems become non-responsive, effectively creating a denial of service condition. This could disrupt critical operations for organizations relying on continuous remote access.

  3. Data Integrity Risks: Given the potential for memory manipulation, there is an increased risk of data corruption or loss. Attackers could exploit this vulnerability to alter data during transmission or storage, jeopardizing the integrity of sensitive information managed through FreeRDP.

Affected Version(s)

FreeRDP < 3.24.0

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
