FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_clipboard_format_equal` reads freed `lastSentFormats` memory because `xf_clipboard_formats_free` (called from the cliprdr channel thread during auto-reconnect) frees the array while the X11 event thread concurrently iterates it in `xf_clipboard_changed`, triggering a heap use after free. Version 3.23.0 fixes the issue.
Metrics
Affected Vendors & Products
References
History
Wed, 25 Feb 2026 22:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 25 Feb 2026 21:00:00 +0000
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-02-25T21:39:08.071Z
Reserved: 2026-02-09T17:41:55.859Z
Link: CVE-2026-25997
Updated: 2026-02-25T21:39:01.960Z
Status : Received
Published: 2026-02-25T21:16:42.210
Modified: 2026-02-25T22:16:23.913
Link: CVE-2026-25997
No data.
OpenCVE Enrichment
No data.