VYPR

rpm package

opensuse/mumble&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/mumble&distro=openSUSE%20Tumbleweed

Vulnerabilities (9)

  • CVE-2025-71264LowMar 16, 2026
    affected < 1.5.857-2.1fixed 1.5.857-2.1

    Mumble before 1.6.870 is prone to an out-of-bounds array access, which may result in denial of service (client crash).

  • CVE-2021-27229Feb 16, 2021
    affected < 1.3.4-2.7fixed 1.3.4-2.7

    Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text.

  • CVE-2010-2490Oct 31, 2019
    affected < 1.2.17-1.2fixed 1.2.17-1.2

    Mumble: murmur-server has DoS due to malformed client query

  • CVE-2018-20743Jan 25, 2019
    affected < 1.3.4-2.7fixed 1.3.4-2.7

    murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood.

  • CVE-2014-3756Nov 16, 2014
    affected < 1.2.17-1.2fixed 1.2.17-1.2

    The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel

  • CVE-2014-3755Nov 16, 2014
    affected < 1.2.17-1.2fixed 1.2.17-1.2

    The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file.

  • CVE-2014-0045Feb 8, 2014
    affected < 1.2.17-1.2fixed 1.2.17-1.2

    The needSamples method in AudioOutputSpeech.cpp in the client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots, Mumble for iOS 1.1 through 1.2.2, and MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d does not check the return value of the opus_decode_float funct

  • CVE-2014-0044Feb 8, 2014
    affected < 1.2.17-1.2fixed 1.2.17-1.2

    The opus_packet_get_samples_per_frame function in client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots allows remote attackers to cause a denial of service (crash) via a crafted length prefix value, which triggers a NULL pointer dereference or a heap-based buffer over-read

  • CVE-2012-0863Apr 30, 2012
    affected < 1.2.17-1.2fixed 1.2.17-1.2

    Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file.