Mumble
Products
2- 11 CVEs
- 1 CVE
Recent CVEs
11| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-71264 | Low | 0.17 | 3.7 | 0.00 | Mar 16, 2026 | Mumble before 1.6.870 is prone to an out-of-bounds array access, which may result in denial of service (client crash). | ||
| CVE-2021-27229 | 0.00 | — | 0.03 | Feb 16, 2021 | Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text. | |||
| CVE-2020-13962 | 0.00 | — | 0.03 | Jun 8, 2020 | Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any… | |||
| CVE-2010-2490 | 0.00 | — | 0.02 | Oct 31, 2019 | Mumble: murmur-server has DoS due to malformed client query | |||
| CVE-2018-20743 | 0.00 | — | 0.04 | Jan 25, 2019 | murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood. | |||
| CVE-2014-3756 | 0.00 | — | 0.01 | Nov 16, 2014 | The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel… | |||
| CVE-2014-3755 | 0.00 | — | 0.03 | Nov 16, 2014 | The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file. | |||
| CVE-2014-1916 | 0.00 | — | 0.02 | Feb 8, 2014 | The (1) opus_packet_get_nb_frames and (2) opus_packet_get_samples_per_frame functions in the client in MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d and Mumble for iOS 1.1 through 1.2.2 do not properly check the return value of the copyDataBlock method, which… | |||
| CVE-2014-0045 | 0.00 | — | 0.04 | Feb 8, 2014 | The needSamples method in AudioOutputSpeech.cpp in the client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots, Mumble for iOS 1.1 through 1.2.2, and MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d does not check the return value of the opus_decode_float… | |||
| CVE-2014-0044 | 0.00 | — | 0.02 | Feb 8, 2014 | The opus_packet_get_samples_per_frame function in client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots allows remote attackers to cause a denial of service (crash) via a crafted length prefix value, which triggers a NULL pointer dereference or a heap-based buffer over-read… | |||
| CVE-2012-0863 | 0.00 | — | 0.00 | Apr 30, 2012 | Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file. |
- risk 0.17cvss 3.7epss 0.00
Mumble before 1.6.870 is prone to an out-of-bounds array access, which may result in denial of service (client crash).
- CVE-2021-27229Feb 16, 2021risk 0.00cvss —epss 0.03
Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text.
- CVE-2020-13962Jun 8, 2020risk 0.00cvss —epss 0.03
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any…
- CVE-2010-2490Oct 31, 2019risk 0.00cvss —epss 0.02
Mumble: murmur-server has DoS due to malformed client query
- CVE-2018-20743Jan 25, 2019risk 0.00cvss —epss 0.04
murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood.
- CVE-2014-3756Nov 16, 2014risk 0.00cvss —epss 0.01
The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel…
- CVE-2014-3755Nov 16, 2014risk 0.00cvss —epss 0.03
The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file.
- CVE-2014-1916Feb 8, 2014risk 0.00cvss —epss 0.02
The (1) opus_packet_get_nb_frames and (2) opus_packet_get_samples_per_frame functions in the client in MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d and Mumble for iOS 1.1 through 1.2.2 do not properly check the return value of the copyDataBlock method, which…
- CVE-2014-0045Feb 8, 2014risk 0.00cvss —epss 0.04
The needSamples method in AudioOutputSpeech.cpp in the client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots, Mumble for iOS 1.1 through 1.2.2, and MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d does not check the return value of the opus_decode_float…
- CVE-2014-0044Feb 8, 2014risk 0.00cvss —epss 0.02
The opus_packet_get_samples_per_frame function in client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots allows remote attackers to cause a denial of service (crash) via a crafted length prefix value, which triggers a NULL pointer dereference or a heap-based buffer over-read…
- CVE-2012-0863Apr 30, 2012risk 0.00cvss —epss 0.00
Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file.