FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, A capture thread sends sample responses using a freed channel callback after a device channel close, leading to a use after free in ecamchannelwrite. This vulnerability is fixed in 3.22.0.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/24xxx/CVE-2026-24678.json",
"cna_assigner": "GitHub_M",
"cwe_ids": [
"CWE-416"
]
}{
"cpe": "cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "3.22.0"
}
],
"source": [
"CPE_RANGE",
"REFERENCES"
]
}[
{
"digest": {
"function_hash": "16823957286247065030325992466647640066",
"length": 402.0
},
"target": {
"function": "ecam_dev_on_close",
"file": "channels/rdpecam/client/camera_device_main.c"
},
"id": "CVE-2026-24678-4c2fdc7b",
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/freerdp/freerdp/commit/f3ab1a16139036179d9852745fdade18fec11600",
"deprecated": false
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"165611990043554273505170473215149876886",
"204325796941856603982662119830779334201",
"320408182039676249377418227761068669333"
]
},
"target": {
"file": "channels/rdpecam/client/camera_device_main.c"
},
"id": "CVE-2026-24678-f0d376bc",
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/freerdp/freerdp/commit/f3ab1a16139036179d9852745fdade18fec11600",
"deprecated": false
}
]
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24678.json"
"2026-07-09T19:35:08Z"