Unrated severityNVD Advisory· Published Mar 13, 2026· Updated Mar 16, 2026
FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds checks
CVE-2026-31885
Description
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in MS-ADPCM and IMA-ADPCM decoders due to unchecked predictor and step_index values from input data. This vulnerability is fixed in 3.24.0.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- github.com/FreeRDP/FreeRDP/commit/16df2300e1e3f5a51f68fb1626429e58b531b7c8mitrex_refsource_MISC
- github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h23r-3988-3wf3mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.