VYPR
Vendor

Mumble

Products
2
CVEs
11
Across products
12
Status
Private

Products

2

Recent CVEs

11
  • CVE-2025-71264LowMar 16, 2026
    risk 0.17cvss 3.7epss 0.00

    Mumble before 1.6.870 is prone to an out-of-bounds array access, which may result in denial of service (client crash).

  • CVE-2021-27229Feb 16, 2021
    risk 0.00cvss epss 0.03

    Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text.

  • CVE-2020-13962Jun 8, 2020
    risk 0.00cvss epss 0.03

    Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any…

  • CVE-2010-2490Oct 31, 2019
    risk 0.00cvss epss 0.02

    Mumble: murmur-server has DoS due to malformed client query

  • CVE-2018-20743Jan 25, 2019
    risk 0.00cvss epss 0.04

    murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood.

  • CVE-2014-3756Nov 16, 2014
    risk 0.00cvss epss 0.01

    The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel…

  • CVE-2014-3755Nov 16, 2014
    risk 0.00cvss epss 0.03

    The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file.

  • CVE-2014-1916Feb 8, 2014
    risk 0.00cvss epss 0.02

    The (1) opus_packet_get_nb_frames and (2) opus_packet_get_samples_per_frame functions in the client in MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d and Mumble for iOS 1.1 through 1.2.2 do not properly check the return value of the copyDataBlock method, which…

  • CVE-2014-0045Feb 8, 2014
    risk 0.00cvss epss 0.04

    The needSamples method in AudioOutputSpeech.cpp in the client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots, Mumble for iOS 1.1 through 1.2.2, and MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d does not check the return value of the opus_decode_float…

  • CVE-2014-0044Feb 8, 2014
    risk 0.00cvss epss 0.02

    The opus_packet_get_samples_per_frame function in client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots allows remote attackers to cause a denial of service (crash) via a crafted length prefix value, which triggers a NULL pointer dereference or a heap-based buffer over-read…

  • CVE-2012-0863Apr 30, 2012
    risk 0.00cvss epss 0.00

    Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file.