CVE-2024-32039

9.8 CRITICAL

📋 TL;DR

FreeRDP clients prior to versions 3.5.0 or 2.11.6 contain an integer overflow vulnerability that can lead to out-of-bounds writes when processing graphics data. This allows remote attackers to potentially execute arbitrary code or crash the client. Anyone using vulnerable FreeRDP-based remote desktop clients is affected.

💻 Affected Systems

Products:
  • FreeRDP
  • Any software using FreeRDP library
Versions: All versions prior to 3.5.0 and 2.11.6
Operating Systems: Linux, Windows, macOS, BSD
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is in graphics processing code; using /gfx options increases exposure.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with SYSTEM/root privileges leading to complete system compromise.

🟠 Likely Case: Client crash (denial of service) or limited remote code execution in user context.

🟢 If Mitigated: No impact if patched or workarounds applied; otherwise full compromise possible.

🌐 Internet-Facing: HIGH - Remote exploitation possible without authentication when connecting to malicious servers.
🏢 Internal Only: HIGH - Internal malicious servers or compromised systems could exploit vulnerable clients.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Integer overflow to out-of-bounds write is a common exploitation path; no public exploit code known at advisory time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.5.0 or 2.11.6

Vendor Advisory: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5h8-7j42-j4r9

Restart Required: Yes

Instructions:

1. Identify the installed FreeRDP version.
2. Update to 3.5.0 (main branch) or 2.11.6 (stable branch).
3. Restart affected services/applications.
4. Verify the update with a version check.

🔧 Temporary Workarounds

Disable Graphics Acceleration (platform: all)

Disable graphics acceleration features that trigger the vulnerable code path:

xfreerdp /v:TARGET /bpp:32
wfreerdp.exe /v:TARGET /bpp:32

🧯 If You Can't Patch

  • Restrict FreeRDP client usage to trusted internal servers only
  • Implement network segmentation to isolate FreeRDP traffic

🔍 How to Verify

Check if Vulnerable:

Check FreeRDP version with 'xfreerdp --version' or 'wfreerdp --version'

Check Version:

xfreerdp --version 2>/dev/null || wfreerdp --version 2>/dev/null || freerdp --version 2>/dev/null

Verify Fix Applied:

Confirm version is 3.5.0 or higher (main branch) OR 2.11.6 or higher (stable branch)
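The version check above has to respect the two fix branches (2.11.6 for the 2.x line, 3.5.0 for the 3.x line). The following added Python example, not part of this advisory or of the FreeRDP project, parses the "This is FreeRDP version X.Y.Z (rev)" line that `xfreerdp --version` prints and reports whether that build predates the fix for its branch; the sample lines and revision strings are constructed, and treating 4.x or later as fixed is an assumption.

```python
import re
from typing import Optional, Tuple

# Fixed releases named in the advisory: 2.x line fixed in 2.11.6, 3.x line in 3.5.0.
# The trailing 1 marks a final release; pre-release builds carry 0 and sort below it.
FIXED_RELEASES = {2: (2, 11, 6, 1), 3: (3, 5, 0, 1)}

# Constructed sample lines in the shape "xfreerdp --version" prints
# ("This is FreeRDP version X.Y.Z (rev)"); the revisions here are made up.
SAMPLE_OUTPUTS = [
    "This is FreeRDP version 2.11.5 (n/a)",
    "This is FreeRDP version 2.11.6 (n/a)",
    "This is FreeRDP version 3.4.0 (0123abc)",
    "This is FreeRDP version 3.5.0 (4567def)",
    "This is FreeRDP version 3.5.0-dev (89abcde)",
]

# X.Y.Z plus an optional pre-release suffix such as -dev or -rc1.
VERSION_RE = re.compile(r"version\s+(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?", re.IGNORECASE)


def parse_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Return (major, minor, patch, is_release) or None if no version is found."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.group(1, 2, 3))
    is_release = 0 if m.group(4) else 1   # "3.5.0-dev" is older than the 3.5.0 release
    return (major, minor, patch, is_release)


def is_vulnerable(version: Tuple[int, int, int, int]) -> bool:
    """True when the version predates the fix for its branch."""
    major = version[0]
    if major < 2:
        return True            # 1.x never received the fix
    fixed = FIXED_RELEASES.get(major)
    if fixed is None:
        return False           # assumption: later major lines carry the fix
    return version < fixed


def assess(text: str):
    """Classify one --version output line: (version tuple or None, verdict or None)."""
    version = parse_version(text)
    if version is None:
        return None, None
    return version, is_vulnerable(version)


if __name__ == "__main__":
    for line in SAMPLE_OUTPUTS:
        version, vulnerable = assess(line)
        print(f"{line!r}: {'VULNERABLE' if vulnerable else 'fixed'}")
```

Pipe the real command output into `assess()` (for example `assess(subprocess.run(["xfreerdp", "--version"], capture_output=True, text=True).stdout)`) to check a live install.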

📡 Detection & Monitoring

Log Indicators:

  • FreeRDP client crashes
  • Memory access violation errors in application logs

Network Indicators:

  • RDP connections to untrusted/unusual destinations
  • Abnormal RDP traffic patterns

SIEM Query:

source="*freerdp*" AND (event_type="crash" OR error="*overflow*" OR error="*out of bounds*")
