Description
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in MS-ADPCM and IMA-ADPCM decoders due to unchecked predictor and step_index values from input data. This vulnerability is fixed in 3.24.0.
Published: 2026-03-13
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Out-of-bounds read leading to possible data disclosure
Action: Patch
AI Analysis

Impact

The vulnerability resides in the MS‑ADPCM and IMA‑ADPCM decoders of FreeRDP prior to version 3.24.0. It allows a decoder to read memory beyond the bounds of the input buffer because the predictor and step_index values extracted from the audio stream are not validated. Based on the description, it is inferred that this could expose internal memory contents to an attacker, which may be a precursor to more severe attacks.

Affected Systems

All installations of FreeRDP with a release earlier than 3.24.0 are affected. The issue was fixed in release 3.24.0; any deployment using an older version must be updated.

Risk and Exploitability

The CVSS score of 6.5 indicates medium severity. The EPSS score is below 1% and the vulnerability is not listed in the CISA KEV catalog, which implies a low likelihood of widespread exploitation. An attacker would need to supply malicious RDP audio data to the vulnerable client or server, implying a remote attack vector that requires the ability to influence the decoding process.

Generated by OpenCVE AI on March 17, 2026 at 17:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update FreeRDP to version 3.24.0 or later
  • Confirm that the running instance is not an older release
  • If an update cannot be applied immediately, configure the system to block or reject incoming audio streams until the patch is installed

Generated by OpenCVE AI on March 17, 2026 at 17:19 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 17 Mar 2026 13:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*

Mon, 16 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Freerdp
Freerdp freerdp
Vendors & Products Freerdp
Freerdp freerdp

Sat, 14 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Fri, 13 Mar 2026 17:45:00 +0000

Type Values Removed Values Added
Description FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in MS-ADPCM and IMA-ADPCM decoders due to unchecked predictor and step_index values from input data. This vulnerability is fixed in 3.24.0.
Title FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds checks
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

Subscriptions

Freerdp Freerdp
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-16T15:32:48.919Z

Reserved: 2026-03-09T21:59:02.686Z

Link: CVE-2026-31885

cve-icon Vulnrichment

Updated: 2026-03-16T15:32:35.327Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-13T19:54:37.537

Modified: 2026-03-17T12:58:04.223

Link: CVE-2026-31885

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-03-13T17:38:23Z

Links: CVE-2026-31885 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T13:40:40Z

Weaknesses