{
  "threat_severity" : "Moderate",
  "public_date" : "2026-03-13T17:35:17Z",
  "bugzilla" : {
    "description" : "freerdp: FreeRDP: Denial of Service via crafted audio data in RDP",
    "id" : "2447386",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2447386"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-191",
  "details" : [ "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a size_t underflow in the IMA-ADPCM and MS-ADPCM audio decoders leads to a heap-buffer-overflow write via the RDPSND audio channel. In libfreerdp/codec/dsp.c, the IMA-ADPCM and MS-ADPCM decoders subtract block header sizes from a size_t variable without checking for underflow. When nBlockAlign (received from the server) is set such that the size % block_size == 0 check triggers header parsing at a point where size is smaller than the header (4 or 8 bytes), the subtraction wraps size to ~SIZE_MAX. The while (size > 0) loop then continues for an astronomical number of iterations. This vulnerability is fixed in 3.24.0.", "A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol (RDP). A remote attacker can exploit a size_t underflow vulnerability in the IMA-ADPCM and MS-ADPCM audio decoders by sending specially crafted audio data over the RDPSND audio channel. This underflow leads to a heap-buffer-overflow write, which can result in a denial of service for the FreeRDP client." ],
  "statement" : "Red Hat has protection mechanisms in place, such as FORTIFY_SOURCE, Position Independent Executables or Stack Smashing Protection.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-05-11T00:00:00Z",
    "advisory" : "RHSA-2026:16014",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.1",
    "package" : "freerdp-2:3.10.3-5.el10_1.8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-05-19T00:00:00Z",
    "advisory" : "RHSA-2026:19142",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.2",
    "package" : "freerdp-2:3.10.3-12.el10_2.5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support",
    "release_date" : "2026-05-26T00:00:00Z",
    "advisory" : "RHSA-2026:20605",
    "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0",
    "package" : "freerdp-2:3.10.3-3.el10_0.7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
    "release_date" : "2026-05-26T00:00:00Z",
    "advisory" : "RHSA-2026:20546",
    "cpe" : "cpe:/o:redhat:rhel_els:7",
    "package" : "freerdp-0:2.1.1-5.el7_9.9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-05-11T00:00:00Z",
    "advisory" : "RHSA-2026:16019",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "freerdp-2:2.11.7-9.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "release_date" : "2026-05-20T00:00:00Z",
    "advisory" : "RHSA-2026:19811",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.4",
    "package" : "freerdp-2:2.2.0-14.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
    "release_date" : "2026-05-20T00:00:00Z",
    "advisory" : "RHSA-2026:19811",
    "cpe" : "cpe:/a:redhat:rhel_eus_long_life:8.4",
    "package" : "freerdp-2:2.2.0-14.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
    "release_date" : "2026-05-13T00:00:00Z",
    "advisory" : "RHSA-2026:16814",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.6",
    "package" : "freerdp-2:2.2.0-7.el8_6.8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
    "release_date" : "2026-05-13T00:00:00Z",
    "advisory" : "RHSA-2026:16814",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.6",
    "package" : "freerdp-2:2.2.0-7.el8_6.8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
    "release_date" : "2026-05-13T00:00:00Z",
    "advisory" : "RHSA-2026:16814",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.6",
    "package" : "freerdp-2:2.2.0-7.el8_6.8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
    "release_date" : "2026-05-13T00:00:00Z",
    "advisory" : "RHSA-2026:16777",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.8",
    "package" : "freerdp-2:2.2.0-12.el8_8.8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
    "release_date" : "2026-05-13T00:00:00Z",
    "advisory" : "RHSA-2026:16777",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.8",
    "package" : "freerdp-2:2.2.0-12.el8_8.8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-05-13T00:00:00Z",
    "advisory" : "RHSA-2026:16482",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "freerdp-2:2.11.7-1.el9_7.7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-05-19T00:00:00Z",
    "advisory" : "RHSA-2026:19358",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "freerdp-2:2.11.7-7.el9_8.3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2026-05-12T00:00:00Z",
    "advisory" : "RHSA-2026:16485",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0",
    "package" : "freerdp-2:2.4.1-3.el9_0.7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2026-05-12T00:00:00Z",
    "advisory" : "RHSA-2026:16483",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2",
    "package" : "freerdp-2:2.4.1-6.el9_2.9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2026-05-13T00:00:00Z",
    "advisory" : "RHSA-2026:16866",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "freerdp-2:2.11.2-1.el9_4.8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2026-05-13T00:00:00Z",
    "advisory" : "RHSA-2026:16865",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "freerdp-2:2.11.7-1.el9_6.10"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Affected",
    "package_name" : "freerdp",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-31883\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31883\nhttps://github.com/FreeRDP/FreeRDP/commit/16df2300e1e3f5a51f68fb1626429e58b531b7c8\nhttps://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-85x9-4xxp-xhm5" ],
  "name" : "CVE-2026-31883",
  "csaw" : false
}