Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, division by zero in MS-ADPCM and IMA-ADPCM decoders when nBlockAlign is 0, leading to a crash. In libfreerdp/codec/dsp.c, both ADPCM decoders use size % block_size where block_size = context->common.format.nBlockAlign. The nBlockAlign value comes from the Server Audio Formats PDU on the RDPSND channel. The value 0 is not validated anywhere before reaching the decoder. When nBlockAlign = 0, the modulo operation causes a SIGFPE (floating point exception) crash. This vulnerability is fixed in 3.24.0.

INFO

Published Date :

2026-03-13T17:36:57.722Z

Last Modified :

2026-03-13T17:36:57.722Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-31884 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-31884.

URL Resource
https://github.com/FreeRDP/FreeRDP/commit/03b48b3601d867afccac1cdc6081de7a275edce7 cve-icon cve-icon cve-icon
https://github.com/FreeRDP/FreeRDP/commit/16df2300e1e3f5a51f68fb1626429e58b531b7c8 cve-icon cve-icon cve-icon
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-jp7m-94ww-p56r cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-31884 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-31884 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact