FreeRDP Heap Use-After-Free Vulnerability in Video Timer Component

Vulnerability

A heap use-after-free vulnerability has been identified in FreeRDP, a free implementation of the Remote Desktop Protocol. Versions up to and including 3.21.0 are affected. The flaw is in the video_timer function, which can still send client notifications after the control channel has been closed; when it fires, it dereferences the callback that was freed along with the channel, producing a use-after-free on the heap. A malicious server can trigger the condition in a connecting client.
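The following is an added illustration of the bug class described above, not FreeRDP's code: a periodic timer keeps a raw, non-owning pointer to a callback object that a control channel owns, the channel frees that object on close, and the timer's next tick reads through the dangling pointer. All names (demo_timer, demo_callback, channel_open, channel_close_unsafe, channel_close_safe, timer_tick) are made up for the example. channel_close_safe shows the ordering a fix needs: disarm the timer and clear its reference before the object is freed.

```c
#include <stdio.h>
#include <stdlib.h>

/* Illustrative model of the advisory's bug class, not FreeRDP's code.
 * The channel owns the callback; the timer only borrows a pointer to it. */

typedef struct demo_callback {
    /* "Notify the client" hook; returns the running notification count. */
    int (*on_timer)(struct demo_callback *self, unsigned frame);
    unsigned frames_sent;
} demo_callback;

typedef struct demo_timer {
    demo_callback *target;  /* non-owning: the channel owns this object */
    int active;
} demo_timer;

/* Notification the timer delivers; counts how many it has sent. */
static int notify_client(demo_callback *self, unsigned frame)
{
    (void)frame;
    self->frames_sent++;
    return (int)self->frames_sent;
}

/* Control channel open: allocate the callback and arm the timer with it. */
demo_callback *channel_open(demo_timer *t)
{
    demo_callback *cb = calloc(1, sizeof(*cb));
    if (cb == NULL)
        return NULL;
    cb->on_timer = notify_client;
    t->target = cb;
    t->active = 1;
    return cb;
}

/* One timer tick. Returns the callback's result, or -1 if the timer is
 * disarmed. It trusts t->target to be alive; that trust is the problem
 * when the channel is closed underneath it. */
int timer_tick(demo_timer *t, unsigned frame)
{
    if (!t->active || t->target == NULL)
        return -1;
    return t->target->on_timer(t->target, frame);
}

/* VULNERABLE ordering: the channel frees its callback but leaves the timer
 * armed and pointing at the freed block. The next timer_tick() reads
 * cb->on_timer out of freed memory: a heap use-after-free. */
void channel_close_unsafe(demo_callback *cb)
{
    free(cb);
}

/* FIXED ordering: disarm the timer and drop its reference before freeing,
 * so a late tick finds nothing to call instead of a dangling pointer. */
void channel_close_safe(demo_timer *t, demo_callback *cb)
{
    if (t->target == cb) {
        t->active = 0;
        t->target = NULL;
    }
    free(cb);
}

/* End-to-end check of the fixed ordering: open, deliver `ticks`
 * notifications, close safely, tick once more. Returns that final tick's
 * result (-1 when the fix holds), or -2 if the pre-close count is wrong. */
int safe_close_sequence(unsigned ticks)
{
    demo_timer t = { NULL, 0 };
    demo_callback *cb = channel_open(&t);
    int last = 0;
    if (cb == NULL)
        return -2;
    for (unsigned i = 1; i <= ticks; i++)
        last = timer_tick(&t, i);
    if (last != (int)ticks)
        return -2;
    channel_close_safe(&t, cb);
    return timer_tick(&t, ticks + 1);
}

int main(void)
{
    demo_timer t = { NULL, 0 };
    demo_callback *cb = channel_open(&t);
    if (cb == NULL)
        return 1;
    printf("tick 1 -> %d\n", timer_tick(&t, 1));
#ifdef DEMO_UAF
    /* Build with -DDEMO_UAF -fsanitize=address to get the
     * heap-use-after-free report on the tick below. */
    channel_close_unsafe(cb);
    printf("tick 2 after unsafe close -> %d\n", timer_tick(&t, 2));
#else
    channel_close_safe(&t, cb);
    printf("tick 2 after safe close -> %d\n", timer_tick(&t, 2));
#endif
    return 0;
}
```

Built normally, the program runs the fixed ordering and the post-close tick returns -1. Built with -DDEMO_UAF under AddressSanitizer, the same tick after channel_close_unsafe reads the function pointer from freed memory and ASan reports it; without a sanitizer the outcome depends on what the allocator has done with the block, which is why the advisory describes the impact as a crash with heap corruption and allocator-dependent code-execution risk.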

Impact

Successful exploitation crashes the client and can corrupt the heap. Whether that corruption can be turned into code execution depends on the allocator's behavior and the surrounding heap layout at the time the freed callback is dereferenced.

Remediation

Upgrade to FreeRDP 3.22.0 or later. Until the upgrade is in place, note that the trigger is server-side: a client is exposed only when it connects to a malicious or compromised server, so restricting connections to trusted servers limits exposure but does not fix the bug.

Added: Feb 9, 2026, 7:26 PM
Updated: Feb 9, 2026, 10:05 PM

Vulnerability Rating

Custom Algorithm
spread: 5.4
impact: 5.0
exploitability: 5.2
remediation: 7.7
relevance: 2.8
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.