Search CVE reports


Toggle filters

1 – 10 of 10 results


CVE-2026-14330

Medium priority
Needs evaluation

Multiple unbounded alloca() calls in the PulseAudio protocol server.

2 affected packages

pipewire, pulseaudio

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pipewire Needs evaluation Needs evaluation Needs evaluation Needs evaluation
pulseaudio Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-11586

Medium priority
Vulnerable

Ubuntu's implementation of pulseaudio can be crashed by a malicious program if a bluetooth headset is connected.

1 affected package

pulseaudio

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pulseaudio Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2020-16123

Medium priority
Fixed

An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap...

1 affected package

pulseaudio

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pulseaudio Fixed Fixed
Show less packages

CVE-2020-15710

Medium priority
Fixed

Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c...

1 affected package

pulseaudio

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pulseaudio Not affected Not affected
Show less packages

CVE-2020-11931

Medium priority
Fixed

An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or...

1 affected package

pulseaudio

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pulseaudio Fixed Fixed
Show less packages

CVE-2014-3970

Low priority
Ignored

The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet.

1 affected package

pulseaudio

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pulseaudio Not affected
Show less packages

CVE-2009-1299

Low priority

Some fixes available 1 of 5

The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file.

1 affected package

pulseaudio

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pulseaudio
Show less packages

CVE-2009-1894

High priority
Fixed

Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target...

1 affected package

pulseaudio

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pulseaudio
Show less packages

CVE-2008-0008

Low priority
Fixed

The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local...

1 affected package

pulseaudio

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pulseaudio
Show less packages

CVE-2007-1804

Medium priority
Fixed

PulseAudio 0.9.5 allows remote attackers to cause a denial of service (daemon crash) via (1) a PA_PSTREAM_DESCRIPTOR_LENGTH value of FRAME_SIZE_MAX_ALLOW sent on TCP port 9875, which triggers a p->export assertion failure in...

1 affected package

pulseaudio

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pulseaudio
Show less packages