rpm package
opensuse/mumble&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/mumble&distro=openSUSE%20Tumbleweed
Vulnerabilities (9)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-71264 | Low | 3.7 | < 1.5.857-2.1 | 1.5.857-2.1 | Mar 16, 2026 | Mumble before 1.6.870 is prone to an out-of-bounds array access, which may result in denial of service (client crash). | |
| CVE-2021-27229 | — | < 1.3.4-2.7 | 1.3.4-2.7 | Feb 16, 2021 | Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text. | ||
| CVE-2010-2490 | — | < 1.2.17-1.2 | 1.2.17-1.2 | Oct 31, 2019 | Mumble: murmur-server has DoS due to malformed client query | ||
| CVE-2018-20743 | — | < 1.3.4-2.7 | 1.3.4-2.7 | Jan 25, 2019 | murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood. | ||
| CVE-2014-3756 | — | < 1.2.17-1.2 | 1.2.17-1.2 | Nov 16, 2014 | The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel | ||
| CVE-2014-3755 | — | < 1.2.17-1.2 | 1.2.17-1.2 | Nov 16, 2014 | The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file. | ||
| CVE-2014-0045 | — | < 1.2.17-1.2 | 1.2.17-1.2 | Feb 8, 2014 | The needSamples method in AudioOutputSpeech.cpp in the client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots, Mumble for iOS 1.1 through 1.2.2, and MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d does not check the return value of the opus_decode_float funct | ||
| CVE-2014-0044 | — | < 1.2.17-1.2 | 1.2.17-1.2 | Feb 8, 2014 | The opus_packet_get_samples_per_frame function in client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots allows remote attackers to cause a denial of service (crash) via a crafted length prefix value, which triggers a NULL pointer dereference or a heap-based buffer over-read | ||
| CVE-2012-0863 | — | < 1.2.17-1.2 | 1.2.17-1.2 | Apr 30, 2012 | Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file. |
- affected < 1.5.857-2.1fixed 1.5.857-2.1
Mumble before 1.6.870 is prone to an out-of-bounds array access, which may result in denial of service (client crash).
- CVE-2021-27229Feb 16, 2021affected < 1.3.4-2.7fixed 1.3.4-2.7
Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text.
- CVE-2010-2490Oct 31, 2019affected < 1.2.17-1.2fixed 1.2.17-1.2
Mumble: murmur-server has DoS due to malformed client query
- CVE-2018-20743Jan 25, 2019affected < 1.3.4-2.7fixed 1.3.4-2.7
murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood.
- CVE-2014-3756Nov 16, 2014affected < 1.2.17-1.2fixed 1.2.17-1.2
The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel
- CVE-2014-3755Nov 16, 2014affected < 1.2.17-1.2fixed 1.2.17-1.2
The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file.
- CVE-2014-0045Feb 8, 2014affected < 1.2.17-1.2fixed 1.2.17-1.2
The needSamples method in AudioOutputSpeech.cpp in the client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots, Mumble for iOS 1.1 through 1.2.2, and MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d does not check the return value of the opus_decode_float funct
- CVE-2014-0044Feb 8, 2014affected < 1.2.17-1.2fixed 1.2.17-1.2
The opus_packet_get_samples_per_frame function in client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots allows remote attackers to cause a denial of service (crash) via a crafted length prefix value, which triggers a NULL pointer dereference or a heap-based buffer over-read
- CVE-2012-0863Apr 30, 2012affected < 1.2.17-1.2fixed 1.2.17-1.2
Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file.