CVSS 3.1 Score 7.3 of 10 (high)


Published Aug 31, 2023
Updated: Jan 12, 2024
CWE ID 416


CVE-2023-40187 is a use-after-free vulnerability (CWE-416) in FreeRDP that affects the 3.x beta branch. It occurs in the `avc420_ensure_buffer` and `avc444_ensure_buffer` functions: when the value of `piDstSize[x]` is 0, the memory allocated for `ppYUVDstData[x]` is freed, which can leave later code operating on freed memory. The issue is fixed in FreeRDP 3.0.0-beta3, and users are advised to upgrade to that version. There are no known workarounds. The vulnerability is rated high severity, with a CVSS base score of 7.3.
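The pattern described above, reduced to a self-contained C model (an added example, not FreeRDP's code). The names `model_realloc`, `ensure_buffer_vulnerable`, `ensure_buffer_hardened` and `leaves_dangling` are hypothetical, and the allocator is assumed to free the block and return NULL when asked for 0 bytes; the zero-size check is one way to harden the pattern, not necessarily the project's fix.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Simplified model, NOT FreeRDP source. Assumption: the resize helper frees
 * the block and returns NULL when asked for 0 bytes. */
static int g_frees; /* blocks released by the model allocator */

static uint8_t* model_realloc(uint8_t* old, size_t size)
{
	if (size != 0)
		return realloc(old, size);
	free(old);
	g_frees++;
	return NULL;
}

/* Vulnerable pattern: on size 0 the block is freed, the NULL result is
 * treated as an allocation failure, and *slot keeps the stale address. */
static bool ensure_buffer_vulnerable(uint8_t** slot, size_t size)
{
	uint8_t* tmp = model_realloc(*slot, size);
	if (!tmp)
		return false; /* *slot now dangles if size was 0 */
	*slot = tmp;
	return true;
}

/* Hardened pattern: reject a zero size before the allocator is reached. */
static bool ensure_buffer_hardened(uint8_t** slot, size_t size)
{
	if (size == 0)
		return false; /* existing buffer and pointer stay consistent */
	return ensure_buffer_vulnerable(slot, size); /* size is non-zero here */
}

/* True when the slot still holds an address the allocator already freed. */
static bool leaves_dangling(bool (*ensure)(uint8_t**, size_t))
{
	uint8_t* plane = NULL;
	g_frees = 0;
	if (!ensure(&plane, 64))
		return false;
	(void)ensure(&plane, 0); /* constructed input: zero-sized plane */
	bool dangling = (g_frees == 1 && plane != NULL);
	if (!dangling)
		free(plane); /* buffer is still owned by the caller */
	return dangling;
}
```

The model only inspects the pointer value and never dereferences it, so the vulnerable path can be observed without touching freed memory.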
