CVE-2026-25997
FreeRDP has heap-use-after-free in xf_clipboard_format_equal
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_clipboard_format_equal` reads freed `lastSentFormats` memory because `xf_clipboard_formats_free` (called from the cliprdr channel thread during auto-reconnect) frees the array while the X11 event thread concurrently iterates it in `xf_clipboard_changed`, triggering a heap use after free. Version 3.23.0 fixes the issue.
| CWE | CWE-416 |
| Vendor | freerdp |
| Product | freerdp |
| Published | Feb 25, 2026 |
| Last Updated | Feb 25, 2026 |
Stay Ahead of the Next One
Get instant alerts for freerdp freerdp
Be the first to know when new unknown vulnerabilities affecting freerdp freerdp are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
FreeRDP / FreeRDP
< 3.23.0
References
github.com: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5j3-m6jf-3jq4 github.com: https://github.com/FreeRDP/FreeRDP/commit/58409406afe7c2a8a71ed2dc8e22075be4f41c0c github.com: https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_cliprdr.c#L1884 github.com: https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_cliprdr.c#L1889 github.com: https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_cliprdr.c#L265 github.com: https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_cliprdr.c#L616 github.com: https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_cliprdr.c#L831 github.com: https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_cliprdr.c#L851-L855 github.com: https://github.com/FreeRDP/FreeRDP/blob/5c7aae27d0417b42b4806c2a5c583ca39dd9ef1e/client/X11/xf_cliprdr.c#L868-L875