Description
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, division by zero in MS-ADPCM and IMA-ADPCM decoders when nBlockAlign is 0, leading to a crash. In libfreerdp/codec/dsp.c, both ADPCM decoders use size % block_size where block_size = context->common.format.nBlockAlign. The nBlockAlign value comes from the Server Audio Formats PDU on the RDPSND channel. The value 0 is not validated anywhere before reaching the decoder. When nBlockAlign = 0, the modulo operation causes a SIGFPE (floating point exception) crash. This vulnerability is fixed in 3.24.0.
Published: 2026-03-13
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

FreeRDP, a free Remote Desktop Protocol implementation, contains a division‑by‑zero condition in its MS‑ADPCM and IMA‑ADPCM audio decoders when the block alignment value (nBlockAlign) supplied by the server is zero. The decoder performs a modulus operation with nBlockAlign without validating the value, leading to a SIGFPE that crashes the client. This vulnerability is classified as CWE‑369 and results in a denial‑of‑service condition for users of the affected FreeRDP client.
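The C example below is added here and is not FreeRDP's code; it illustrates the check the description above says is missing in libfreerdp/codec/dsp.c, applied at the point where a Server Audio Formats entry is parsed, so that `size % nBlockAlign` is never evaluated with a zero divisor. The `audio_format_t` type, the helper names and the two sample format entries are assumptions constructed for this example; the 18-byte WAVEFORMATEX layout and the format tags 0x0002 (MS-ADPCM) and 0x0011 (IMA-ADPCM) are the standard Windows definitions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Standard WAVEFORMATEX format tags for the two decoders named in the advisory. */
#define WAVE_FORMAT_ADPCM 0x0002     /* MS-ADPCM */
#define WAVE_FORMAT_DVI_ADPCM 0x0011 /* IMA-ADPCM */

/* Hypothetical stand-in for the format fields the decoders consult; this is
 * not FreeRDP's own AUDIO_FORMAT type. */
typedef struct
{
	uint16_t wFormatTag;
	uint16_t nChannels;
	uint32_t nSamplesPerSec;
	uint32_t nAvgBytesPerSec;
	uint16_t nBlockAlign;
	uint16_t wBitsPerSample;
	uint16_t cbSize;
} audio_format_t;

static uint16_t rd_u16le(const uint8_t* p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd_u32le(const uint8_t* p)
{
	return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Parse one 18-byte little-endian WAVEFORMATEX entry as carried in the
 * Server Audio Formats PDU. Returns false on a short buffer. */
bool parse_wave_format(const uint8_t* buf, size_t len, audio_format_t* out)
{
	if (!buf || !out || len < 18)
		return false;
	out->wFormatTag = rd_u16le(buf + 0);
	out->nChannels = rd_u16le(buf + 2);
	out->nSamplesPerSec = rd_u32le(buf + 4);
	out->nAvgBytesPerSec = rd_u32le(buf + 8);
	out->nBlockAlign = rd_u16le(buf + 12);
	out->wBitsPerSample = rd_u16le(buf + 14);
	out->cbSize = rd_u16le(buf + 16);
	return true;
}

/* The missing check: a block-based ADPCM format with nBlockAlign == 0 must be
 * rejected at negotiation time, before any decoder computes size % nBlockAlign. */
bool adpcm_format_is_valid(const audio_format_t* fmt)
{
	if (!fmt)
		return false;
	if (fmt->wFormatTag != WAVE_FORMAT_ADPCM && fmt->wFormatTag != WAVE_FORMAT_DVI_ADPCM)
		return true; /* not one of the two decoders in question */
	return fmt->nBlockAlign != 0 && fmt->nChannels != 0;
}

/* Hardened decoder entry: computes how many whole ADPCM blocks a buffer holds
 * and how many trailing bytes are left over, refusing to divide when the
 * block alignment is zero. Returns false instead of raising SIGFPE. */
bool adpcm_split_blocks(const audio_format_t* fmt, size_t size, size_t* blocks, size_t* trailing)
{
	if (!adpcm_format_is_valid(fmt) || !blocks || !trailing)
		return false;
	const size_t block_size = fmt->nBlockAlign; /* plays the role of context->common.format.nBlockAlign */
	*blocks = size / block_size;
	*trailing = size % block_size; /* safe: block_size > 0 on this path */
	return true;
}

/* Returns 1 when the entry parses and is accepted, 0 when it is rejected by the
 * nBlockAlign check, -1 when the entry is truncated. */
int check_pdu_entry(const uint8_t* buf, size_t len, size_t payload, size_t* blocks, size_t* trailing)
{
	audio_format_t fmt;
	if (!parse_wave_format(buf, len, &fmt))
		return -1;
	return adpcm_split_blocks(&fmt, payload, blocks, trailing) ? 1 : 0;
}

/* Constructed sample entries (not captured traffic): IMA-ADPCM, mono, 22050 Hz,
 * 256-byte blocks, 4 bits/sample; and the same entry with nBlockAlign zeroed. */
static const uint8_t SAMPLE_OK[18] = { 0x11, 0x00, 0x01, 0x00, 0x22, 0x56, 0x00, 0x00, 0x8c,
	                                   0x2b, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00, 0x02, 0x00 };
static const uint8_t SAMPLE_ZERO[18] = { 0x11, 0x00, 0x01, 0x00, 0x22, 0x56, 0x00, 0x00, 0x8c,
	                                     0x2b, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x02, 0x00 };

int main(void)
{
	size_t blocks = 0, trailing = 0;
	int rc = check_pdu_entry(SAMPLE_OK, sizeof SAMPLE_OK, 1029, &blocks, &trailing);
	printf("valid entry: rc=%d blocks=%zu trailing=%zu\n", rc, blocks, trailing);
	rc = check_pdu_entry(SAMPLE_ZERO, sizeof SAMPLE_ZERO, 1029, &blocks, &trailing);
	printf("nBlockAlign=0 entry: rc=%d (rejected before any modulo)\n", rc);
	return 0;
}
```

The point of placing the check in `adpcm_format_is_valid` rather than inside the modulo path is that a server-supplied format with a zero block alignment is dropped from the negotiated list once, at parse time, and a client that logs such rejections gains a simple signal that a peer is sending malformed RDPSND format data.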

Affected Systems

Affected systems are installations of the FreeRDP client before version 3.24.0. The issue appears in all builds where the audio codecs are enabled and the server's audio channel (RDPSND) delivers an audio format PDU with an nBlockAlign field of zero. End‑users running FreeRDP 3.23.x and earlier are susceptible.

Risk and Exploitability

The CVSS base score is 6.5, indicating moderate severity. The EPSS score is below 1%, suggesting exploitation is currently unlikely in the wild, and the vulnerability is not listed in the CISA KEV catalog. The attack vector requires an attacker who can supply a malformed RDPSND PDU to a FreeRDP client – typically a remote attacker with access to a remote desktop session or control over the server's audio format negotiation. The exploit is straightforward once this condition is met, but the real‑world impact is contained to the client application, causing a crash and loss of availability until the client is restarted or patched.

Generated by OpenCVE AI on March 17, 2026 at 16:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade FreeRDP to 3.24.0 or later


Tracking


Advisories

No advisories yet.

History

Tue, 17 Mar 2026 14:30:00 +0000

Type | Values removed | Values added
CPEs |                | cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*

Mon, 16 Mar 2026 16:15:00 +0000

Type    | Values removed | Values added
Metrics |                | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 10:15:00 +0000

Type                | Values removed | Values added
First Time appeared |                | Freerdp, Freerdp freerdp
Vendors & Products  |                | Freerdp, Freerdp freerdp

Sat, 14 Mar 2026 00:15:00 +0000

Type       | Values removed        | Values added
References |                       |
Metrics    | threat_severity: None | threat_severity: Moderate

Fri, 13 Mar 2026 17:45:00 +0000

Type        | Values removed | Values added
Description |                | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, division by zero in MS-ADPCM and IMA-ADPCM decoders when nBlockAlign is 0, leading to a crash. In libfreerdp/codec/dsp.c, both ADPCM decoders use size % block_size where block_size = context->common.format.nBlockAlign. The nBlockAlign value comes from the Server Audio Formats PDU on the RDPSND channel. The value 0 is not validated anywhere before reaching the decoder. When nBlockAlign = 0, the modulo operation causes a SIGFPE (floating point exception) crash. This vulnerability is fixed in 3.24.0.
Title       |                | FreeRDP has a division-by-zero in ADPCM decoders when `nBlockAlign` is 0
Weaknesses  |                | CWE-369
References  |                |
Metrics     |                | cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-16T15:33:42.352Z

Reserved: 2026-03-09T21:59:02.686Z

Link: CVE-2026-31884

Vulnrichment

Updated: 2026-03-16T15:33:33.590Z

NVD

Status : Analyzed

Published: 2026-03-13T19:54:37.373

Modified: 2026-03-17T14:25:10.510

Link: CVE-2026-31884

Redhat

Severity : Moderate

Public Date: 2026-03-13T17:36:57Z

Links: CVE-2026-31884 - Bugzilla

OpenCVE Enrichment

Updated: 2026-03-23T13:40:41Z

Weaknesses