FreeRDP Heap Use-After-Free Vulnerability in Pointer Handling

Vulnerability

A heap-use-after-free vulnerability has been identified in FreeRDP, a free implementation of the Remote Desktop Protocol. This issue affects versions through 3.21.0. The vulnerability arises in the SDL pointer handling, where the function 'sdl_Pointer_New' frees pointer data on failure. However, the subsequent call to 'pointer_free' invokes 'sdl_Pointer_Free', which frees the data again, leading to a use-after-free condition. This vulnerability can be exploited by a malicious server, potentially causing a client-side crash and allowing for code execution under certain conditions.
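The double-release sequence described above, modelled as an added C example that is not FreeRDP's code: every type and function name here is an assumption constructed for the illustration, and the small tracked_free detector stands in for what a sanitizer would report when the Free callback releases data the New callback already freed.

```c
#include <stdlib.h>
/* Illustrative model of the failure path described above, not FreeRDP's code; all
 * names are constructed. A backend New callback frees its cached data when setup
 * fails, then generic cleanup calls the backend Free callback, which frees it again. */
typedef struct {
    void* surface;    /* stands in for the backend's cached pointer data */
    int   fail_setup; /* constructed fault injection: 1 forces New to fail */
} demo_pointer;

/* Minimal double-free detector: a repeat release of a logged address is counted
 * instead of being handed to free() again, so the bug is observable without UB. */
#define FREED_MAX 16
static void* freed_log[FREED_MAX];
static int freed_count, double_free_count;
static void tracked_free(void* p) {
    if (!p) return;
    for (int i = 0; i < freed_count; i++)
        if (freed_log[i] == p) { double_free_count++; return; }
    if (freed_count < FREED_MAX) freed_log[freed_count++] = p;
    free(p);
}
/* Backend Free callback: the one place that should own cleanup of surface. */
static void demo_pointer_free(demo_pointer* p) {
    tracked_free(p->surface);
    p->surface = NULL;
}
/* Generic cleanup run by the caller after New fails; it always reaches Free. */
static void pointer_free(demo_pointer* p) { demo_pointer_free(p); }
/* Vulnerable New: frees surface on failure but leaves the dangling pointer in
 * place, so the caller's pointer_free() releases it a second time. */
static int pointer_new_vulnerable(demo_pointer* p) {
    p->surface = malloc(64);
    if (!p->surface || p->fail_setup) { tracked_free(p->surface); return 0; }
    return 1;
}
/* Hardened New (one possible fix, chosen for this example): failure leaves cleanup
 * to the Free callback alone. Freeing and then nulling surface would also be safe. */
static int pointer_new_fixed(demo_pointer* p) {
    p->surface = malloc(64);
    return (p->surface && !p->fail_setup) ? 1 : 0;
}
/* Run a failing New followed by generic cleanup; returns double frees observed. */
static int run_scenario(int (*new_fn)(demo_pointer*)) {
    demo_pointer p = { NULL, 1 };
    freed_count = double_free_count = 0;
    if (!new_fn(&p)) pointer_free(&p);
    return double_free_count;
}
```

The invariant the fix restores is a single owner per allocation: whichever callback releases the cached data must be the only one that does so, or must null the pointer so a later release is a no-op.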

Impact

Exploitation of this vulnerability causes a client-side crash and a use-after-free condition that could lead to heap corruption. Depending on the behavior of the memory allocator and the layout of the heap, this could allow for arbitrary code execution.

Remediation

Users can upgrade to FreeRDP version 3.22.0 or later to address this vulnerability.

Added: Feb 9, 2026, 7:21 PM
Updated: Feb 9, 2026, 10:01 PM

Vulnerability Rating

Custom Algorithm
spread: 5.4
impact: 2.5
exploitability: 5.0
remediation: 7.7
relevance: 2.6
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.