Debian Mumble vulnerabilities

10 known vulnerabilities affecting debian/mumble.

Total CVEs
10
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM4LOW2UNKNOWN1

Vulnerabilities

Page 1 of 1
CVE-2025-71264LOWCVSS 3.7fixed in mumble 1.5.735-7 (forky)2025
CVE-2025-71264 [LOW] CVE-2025-71264: mumble - Mumble before 1.6.870 is prone to an out-of-bounds array access, which may resul... Mumble before 1.6.870 is prone to an out-of-bounds array access, which may result in denial of service (client crash). Scope: local bookworm: open bullseye: open forky: resolved (fixed in 1.5.735-7) sid: resolved (fixed in 1.5.735-7) trixie: open
debian
CVE-2021-27229HIGHCVSS 8.8fixed in mumble 1.3.4-1 (bookworm)2021
CVE-2021-27229 [HIGH] CVE-2021-27229: mumble - Mumble before 1.3.4 allows remote code execution if a victim navigates to a craf... Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text. Scope: local bookworm: resolved (fixed in 1.3.4-1) bullseye: resolved (fixed in 1.3.4-1) forky: resolved (fixed in 1.3.4-1) sid: resolved (fixed in 1.3.4-1) trixie: resolved (fixed in 1.3.4-1)
debian
CVE-2019-1000029UNKNOWNfixed in mumble 1.3.0~git20190125.440b173+dfsg-1 (bookworm)2019
CVE-2019-1000029 CVE-2019-1000029: mumble bookworm: resolved (fixed in 1.3.0~git20190125.440b173+dfsg-1) bullseye: resolved (fixed in 1.3.0~git20190125.440b173+dfsg-1) forky: resolved (fixed in 1.3.0~git20190125.440b173+dfsg-1) sid: resolved (fixed in 1.3.0~git20190125.440b173+dfsg-1) trixie: resolved (fixed in 1.3.0~git20190125.440b173+dfsg-1)
debian
CVE-2018-20743HIGHCVSS 7.5fixed in mumble 1.3.0~git20190114.9fcc588+dfsg-1 (bookworm)2018
CVE-2018-20743 [HIGH] CVE-2018-20743: mumble - murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent... murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood. Scope: local bookworm: resolved (fixed in 1.3.0~git20190114.9fcc588+dfsg-1) bullseye: resolved (fixed in 1.3.0~git20190114.9fcc588+dfsg-1) f
debian
CVE-2014-0045HIGHCVSS 7.5fixed in mumble 1.2.4-0.2 (bookworm)2014
CVE-2014-0045 [HIGH] CVE-2014-0045: mumble - The needSamples method in AudioOutputSpeech.cpp in the client in Mumble 1.2.4 an... The needSamples method in AudioOutputSpeech.cpp in the client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots, Mumble for iOS 1.1 through 1.2.2, and MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d does not check the return value of the opus_decode_float function, which allows remote attackers to cause a denial of service (crash) and possibly execut
debian
CVE-2014-3755MEDIUMCVSS 5.0fixed in mumble 1.2.6-1 (bookworm)2014
CVE-2014-3755 [MEDIUM] CVE-2014-3755: mumble - The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows r... The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file. Scope: local bookworm: resolved (fixed in 1.2.6-1) bullseye: resolved (fixed in 1.2.6-1) forky: resolved (fixed in 1.2.6-1) sid
debian
CVE-2014-0044MEDIUMCVSS 5.0fixed in mumble 1.2.4-0.2 (bookworm)2014
CVE-2014-0044 [MEDIUM] CVE-2014-0044: mumble - The opus_packet_get_samples_per_frame function in client in Mumble 1.2.4 and the... The opus_packet_get_samples_per_frame function in client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots allows remote attackers to cause a denial of service (crash) via a crafted length prefix value, which triggers a NULL pointer dereference or a heap-based buffer over-read (aka "out-of-bounds array access"). Scope: local bookworm: resolved (fixed in 1.2.4-0.2)
debian
CVE-2014-3756MEDIUMCVSS 5.0fixed in mumble 1.2.6-1 (bookworm)2014
CVE-2014-3756 [MEDIUM] CVE-2014-3756: mumble - The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loa... The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3) subject common name or (4) email address to the Certificate Wiza
debian
CVE-2012-0863LOWCVSS 2.1fixed in mumble 1.2.3-3 (bookworm)2012
CVE-2012-0863 [LOW] CVE-2012-0863: mumble - Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/M... Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file. Scope: local bookworm: resolved (fixed in 1.2.3-3) bullseye: resolved (fixed in 1.2.3-3) forky: resolved (fixed in 1.2.3-3) sid: resolved (fi
debian
CVE-2010-2490MEDIUMCVSS 6.5fixed in mumble 1.2.2-4 (bookworm)2010
CVE-2010-2490 [MEDIUM] CVE-2010-2490: mumble - Mumble: murmur-server has DoS due to malformed client query Mumble: murmur-server has DoS due to malformed client query Scope: local bookworm: resolved (fixed in 1.2.2-4) bullseye: resolved (fixed in 1.2.2-4) forky: resolved (fixed in 1.2.2-4) sid: resolved (fixed in 1.2.2-4) trixie: resolved (fixed in 1.2.2-4)
debian