FreeRDP AUDIN Format Renegotiation Use-After-Free Vulnerability

Vulnerability

A heap-use-after-free vulnerability has been identified in FreeRDP versions prior to 3.22.0. The issue arises in the AUDIN channel when format renegotiation occurs. The active format list is freed while the capture thread continues to use a pointer to the freed memory, leading to a use-after-free condition in the 'audio_format_compatible' function. This vulnerability can be exploited by a malicious server, causing a client-side crash and potential heap corruption, with a risk of code execution depending on the allocator's behavior and the surrounding heap layout.
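The lifetime problem described above, modelled in a simplified C sketch. This is an added illustration, not FreeRDP's code and not a description of the upstream fix: the capture side copies the selected format by value under a lock instead of holding a pointer into a list that renegotiation frees. All type and function names (fmt_t, audin_t, audin_renegotiate, audin_snapshot, audin_capture_matches) are hypothetical.

```c
#include <pthread.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for illustration, not FreeRDP's own types. */
typedef struct { unsigned tag, channels, rate; } fmt_t;
typedef struct {
    pthread_mutex_t lock;
    fmt_t *formats;          /* active list, replaced on every renegotiation */
    size_t count, selected;  /* list length and the entry capture records with */
} audin_t;

static bool fmt_compatible(const fmt_t *a, const fmt_t *b) {
    return a->tag == b->tag && a->channels == b->channels && a->rate == b->rate;
}

/* Renegotiation: build the new list first, then swap and free under the lock. */
static int audin_renegotiate(audin_t *a, const fmt_t *list, size_t n) {
    fmt_t *copy = n ? malloc(n * sizeof(*copy)) : NULL;
    if (!copy) return -1;
    memcpy(copy, list, n * sizeof(*copy));
    pthread_mutex_lock(&a->lock);
    free(a->formats);
    a->formats = copy; a->count = n; a->selected = 0;
    pthread_mutex_unlock(&a->lock);
    return 0;
}

/* Unsafe pattern (the bug class): the capture thread caches
 * `const fmt_t *cur = &a->formats[a->selected];` and dereferences it after
 * audin_renegotiate() freed that list. Safe: copy by value under the lock. */
static bool audin_snapshot(audin_t *a, fmt_t *out) {
    bool ok = false;
    pthread_mutex_lock(&a->lock);
    if (a->formats && a->selected < a->count) {
        *out = a->formats[a->selected];
        ok = true;
    }
    pthread_mutex_unlock(&a->lock);
    return ok;
}

/* Capture-side check: compares a by-value snapshot, never a cached pointer. */
static bool audin_capture_matches(audin_t *a, const fmt_t *device_fmt) {
    fmt_t cur;
    return audin_snapshot(a, &cur) && fmt_compatible(&cur, device_fmt);
}
```

Building a test harness around this pattern with AddressSanitizer (`-fsanitize=address`) makes a reintroduced cached pointer show up as a heap-use-after-free report rather than silent corruption.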

Impact

Exploitation of this vulnerability leads to a heap-use-after-free condition, causing a crash and potential heap corruption. This could allow for code execution, depending on the behavior of the memory allocator and the layout of the heap.

Remediation

Users can upgrade to FreeRDP version 3.22.0 or later to address this vulnerability.

Added: Feb 9, 2026, 7:25 PM
Updated: Feb 9, 2026, 10:03 PM

Vulnerability Rating

Custom Algorithm

spread: 5.4
impact: 5.0
exploitability: 4.2
remediation: 7.7
relevance: 2.9
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.