Unrated severityNVD Advisory· Published Feb 25, 2026· Updated Feb 25, 2026
FreeRDP has heap-use-after-free in xf_clipboard_format_equal
CVE-2026-25997
Description
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xf_clipboard_format_equal reads freed lastSentFormats memory because xf_clipboard_formats_free (called from the cliprdr channel thread during auto-reconnect) frees the array while the X11 event thread concurrently iterates it in xf_clipboard_changed, triggering a heap use after free. Version 3.23.0 fixes the issue.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_cliprdr.cmitrex_refsource_MISC
- github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_cliprdr.cmitrex_refsource_MISC
- github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_cliprdr.cmitrex_refsource_MISC
- github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_cliprdr.cmitrex_refsource_MISC
- github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_cliprdr.cmitrex_refsource_MISC
- github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_cliprdr.cmitrex_refsource_MISC
- github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_cliprdr.cmitrex_refsource_MISC
- github.com/FreeRDP/FreeRDP/commit/58409406afe7c2a8a71ed2dc8e22075be4f41c0cmitrex_refsource_MISC
- github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5j3-m6jf-3jq4mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.