Use After Free Affecting freerdp3 package, versions <3.21.0+dfsg-1


Severity

Recommended
0.0
critical
0
10

Snyk's Security Team recommends NVD's CVSS assessment. Learn more

Threat Intelligence

EPSS
0.4% (33rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-DEBIANUNSTABLE-FREERDP3-15036366
  • published20 Jan 2026
  • disclosed19 Jan 2026

Introduced: 19 Jan 2026

CVE-2026-23883  (opens in a new tab)
CWE-416  (opens in a new tab)

How to fix?

Upgrade Debian:unstable freerdp3 to version 3.21.0+dfsg-1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream freerdp3 package and not the freerdp3 package as distributed by Debian. See How to fix? for Debian:unstable relevant fixed versions and status.

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, xf_Pointer_New frees cursorPixels on failure, then pointer_free calls xf_Pointer_Free and frees it again, triggering ASan UAF. A malicious server can trigger a client‑side use after free, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.

CVSS Base Scores

version 3.1