CVE-2026-33977 MEDIUM

CVE-2026-33977: FreeRDP: DoS via WINPR_ASSERT in IMA ADPCM audio decoder (dsp.c:331)

Vendor Freerdp
Product FreeRDP
Weakness CWE-617
Published March 30, 2026
Last update March 31, 2026

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP server can crash the FreeRDP client by sending audio data in IMA ADPCM format with an invalid initial step index value (>= 89). The unvalidated step index is read directly from the network and used to index into a 89-entry lookup table, triggering a WINPR_ASSERT() failure and process abort via SIGABRT. This affects any FreeRDP client that has audio redirection (RDPSND) enabled, which is the default configuration. This issue has been patched in version 3.24.2.

Key dates

02Disclosure timeline

March 30, 2026 CVE published
March 31, 2026 Record updated