CVE-2026-33977
Received Received - Intake
Integer Overflow in FreeRDP Audio Redirection Causes Client Crash

Publication date: 2026-03-30

Last updated on: 2026-04-01

Assigner: GitHub, Inc.

Description
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP server can crash the FreeRDP client by sending audio data in IMA ADPCM format with an invalid initial step index value (>= 89). The unvalidated step index is read directly from the network and used to index into a 89-entry lookup table, triggering a WINPR_ASSERT() failure and process abort via SIGABRT. This affects any FreeRDP client that has audio redirection (RDPSND) enabled, which is the default configuration. This issue has been patched in version 3.24.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-30
Last Modified
2026-04-01
Generated
2026-06-16
AI Q&A
2026-03-31
EPSS Evaluated
2026-06-14
NVD
CVE-2026-33977
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
freerdp freerdp to 3.24.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-617 The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in FreeRDP, a free implementation of the Remote Desktop Protocol. Before version 3.24.2, a malicious RDP server could crash the FreeRDP client by sending audio data in IMA ADPCM format with an invalid initial step index value (greater than or equal to 89). The client reads this unvalidated step index directly from the network and uses it to index into an 89-entry lookup table, which causes a WINPR_ASSERT() failure and forces the process to abort via SIGABRT.

This affects any FreeRDP client with audio redirection (RDPSND) enabled, which is the default setting. The issue was fixed in version 3.24.2.

Impact Analysis

The vulnerability can cause the FreeRDP client to crash unexpectedly when connected to a malicious RDP server that exploits this flaw. This crash occurs due to an assertion failure triggered by invalid audio data, leading to a denial of service condition for the user.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade your FreeRDP client to version 3.24.2 or later, where the issue has been patched.

Additionally, if upgrading immediately is not possible, consider disabling audio redirection (RDPSND) in the FreeRDP client as a temporary workaround, since the vulnerability affects clients with audio redirection enabled.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-33977. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart