Mumble

mumble

Vendor: Mumble • 8 CVEs

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-71264 1Mumble 1Mumble Apr 2, 2026 Mar 16, 2026 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Mumble before 1.6.870 is prone to an out-of-bounds array access, which may result in denial of service (client crash).
CVE-2021-27229 2Debian Mumble 2Debian Linux Mumble Nov 21, 2024 Feb 16, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text.
CVE-2020-13962 4Fedoraproject MumbleOpensuse+1 more 4Fedora LeapMumble+1 more Nov 21, 2024 Jun 9, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS s...Show more Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)Show less
CVE-2010-2490 2Debian Mumble 2Debian Linux Mumble Nov 21, 2024 Oct 31, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Mumble: murmur-server has DoS due to malformed client query
CVE-2018-20743 2Debian Mumble 2Debian Linux Mumble Nov 21, 2024 Jan 25, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a messag...Show more murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood.Show less
CVE-2014-3756 1Mumble 1Mumble May 6, 2026 Nov 16, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by...Show more The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3) subject common name or (4) email address to the Certificate Wizard, or (5) server name in a tooltip.Show less
CVE-2014-3755 1Mumble 1Mumble May 6, 2026 Nov 16, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML style...Show more The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file.Show less
CVE-2012-0863 1Mumble 1Mumble Apr 29, 2026 Apr 30, 2012 N/A· v4 N/A· v3 2.1 LOW· v2 Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by readi...Show more Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file.Show less