Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.
7.5

FreeRDP Remote Desktop Protocol Crashes Due to Invalid Audio Settings

UBUNTU-CVE-2026-31884
Summary

A bug in FreeRDP's audio decoder could cause the program to crash when receiving invalid audio settings from a remote server. This could happen if the server sends an invalid audio format, which is not properly checked by FreeRDP. To fix this issue, update to version 3.24.0 or later.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Ecosystem VendorProductAffected versions
Ubuntu:16.04:LTS canonical freerdp All versions
Ubuntu:Pro:18.04:LTS canonical freerdp2 All versions
Ubuntu:18.04:LTS canonical freerdp All versions
Ubuntu:Pro:20.04:LTS canonical freerdp2 All versions
Ubuntu:22.04:LTS canonical freerdp2 All versions
Ubuntu:24.04:LTS canonical freerdp3 All versions
Ubuntu:Pro:24.04:LTS canonical freerdp2 All versions
Ubuntu:25.10 canonical freerdp3 All versions
Original title
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, division by zero in MS-ADPCM and IMA-ADPCM decoders when nBlockAlign is 0, leading to a crash. In libfreerdp/codec/...
Original description
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, division by zero in MS-ADPCM and IMA-ADPCM decoders when nBlockAlign is 0, leading to a crash. In libfreerdp/codec/dsp.c, both ADPCM decoders use size % block_size where block_size = context->common.format.nBlockAlign. The nBlockAlign value comes from the Server Audio Formats PDU on the RDPSND channel. The value 0 is not validated anywhere before reaching the decoder. When nBlockAlign = 0, the modulo operation causes a SIGFPE (floating point exception) crash. This vulnerability is fixed in 3.24.0.
osv CVSS3.1 6.5
osv CVSS3.1 7.5
Published: 13 Mar 2026 · Updated: 16 Jun 2026 · First seen: 16 Jun 2026