Description
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP server can crash the FreeRDP client by sending audio data in IMA ADPCM format with an invalid initial step index value (>= 89). The unvalidated step index is read directly from the network and used to index into a 89-entry lookup table, triggering a WINPR_ASSERT() failure and process abort via SIGABRT. This affects any FreeRDP client that has audio redirection (RDPSND) enabled, which is the default configuration. This issue has been patched in version 3.24.2.
Published: 2026-03-30
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

The FreeRDP client crashes when a malicious RDP server sends audio data in IMA ADPCM format with an invalid initial step index value (greater than or equal to 89). The unvalidated step index is used directly as an index into a 89‑element lookup table, causing a WINPR_ASSERT failure that aborts the client process. This results in a denial of service for users relying on the client.

Affected Systems

All FreeRDP clients affected by this vulnerability run versions older than 3.24.2 and have audio redirection (RDPSND) enabled, which is the default configuration. The affected product is listed as FreeRDP:FreeRDP.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity, while the EPSS score of less than 1% suggests a low probability of exploitation worldwide. The flaw is not included in the CISA KEV catalog. An attacker who can control an RDP server to which a client connects can trigger the crash by sending a malformed IMA ADPCM audio packet during the session. Because the crash terminates only the client process, the attack does not enable further privilege escalation or data theft, but it effectively disrupts the user’s remote desktop session.

Generated by OpenCVE AI on April 2, 2026 at 04:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade FreeRDP to version 3.24.2 or later.
  • If an upgrade is not immediately possible, disable audio redirection (RDPSND) in the client configuration to prevent processing of IMA ADPCM audio streams.

Generated by OpenCVE AI on April 2, 2026 at 04:03 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Freerdp
Freerdp freerdp
Weaknesses CWE-1285
Vendors & Products Freerdp
Freerdp freerdp
References
Metrics threat_severity

None

 cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Tue, 31 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 31 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
Description FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP server can crash the FreeRDP client by sending audio data in IMA ADPCM format with an invalid initial step index value (>= 89). The unvalidated step index is read directly from the network and used to index into a 89-entry lookup table, triggering a WINPR_ASSERT() failure and process abort via SIGABRT. This affects any FreeRDP client that has audio redirection (RDPSND) enabled, which is the default configuration. This issue has been patched in version 3.24.2.
Title FreeRDP: DoS via WINPR_ASSERT in IMA ADPCM audio decoder (dsp.c:331)
Weaknesses CWE-617
References
Metrics cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Freerdp Freerdp
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-31T19:09:29.001Z

Reserved: 2026-03-24T22:20:06.210Z

Link: CVE-2026-33977

cve-icon Vulnrichment

Updated: 2026-03-31T19:06:03.417Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-30T22:16:19.117

Modified: 2026-04-01T20:05:49.837

Link: CVE-2026-33977

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-03-30T21:41:36Z

Links: CVE-2026-33977 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-02T07:53:56Z

Weaknesses