Pulseaudio

pulseaudio

Vendor: Pulseaudio • 7 CVEs

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-11586 1Pulseaudio 1Pulseaudio Aug 26, 2025 Nov 23, 2024 N/A· v4 4.0 MEDIUM· v3 N/A· v2 Ubuntu's implementation of pulseaudio can be crashed by a malicious program if a bluetooth headset is connected.
CVE-2020-11931 2Canonical Pulseaudio 2Pulseaudio Ubuntu Linux Nov 21, 2024 May 15, 2020 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback...Show more An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue affects: pulseaudio 1:8.0 versions prior to 1:8.0-0ubuntu3.12; 1:11.1 versions prior to 1:11.1-1ubuntu7.7; 1:13.0 versions prior to 1:13.0-1ubuntu1.2; 1:13.99.1 versions prior to 1:13.99.1-1ubuntu3.2;Show less
CVE-2014-3970 1Pulseaudio 1Pulseaudio May 6, 2026 Jun 11, 2014 N/A· v4 N/A· v3 2.9 LOW· v2 The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet.
CVE-2009-1299 1Pulseaudio 1Pulseaudio Apr 29, 2026 Mar 18, 2010 N/A· v4 N/A· v3 6.9 MEDIUM· v2 The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file.
CVE-2009-1894 1Pulseaudio 1Pulseaudio Apr 23, 2026 Jul 17, 2009 N/A· v4 N/A· v3 7.2 HIGH· v2 Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on t...Show more Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink.Show less
CVE-2008-0008 1Pulseaudio 1Pulseaudio Apr 23, 2026 Jan 29, 2008 N/A· v4 N/A· v3 7.2 HIGH· v2 The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might a...Show more The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion.Show less
CVE-2007-1804 1Pulseaudio 1Pulseaudio Apr 23, 2026 Apr 2, 2007 N/A· v4 N/A· v3 7.8 HIGH· v2 PulseAudio 0.9.5 allows remote attackers to cause a denial of service (daemon crash) via (1) a PA_PSTREAM_DESCRIPTOR_LENGTH value of FRAME_SIZE_MAX_ALLOW sent on TCP port 9875, which triggers a p->export assertion failur...Show more PulseAudio 0.9.5 allows remote attackers to cause a denial of service (daemon crash) via (1) a PA_PSTREAM_DESCRIPTOR_LENGTH value of FRAME_SIZE_MAX_ALLOW sent on TCP port 9875, which triggers a p->export assertion failure in do_read; (2) a PA_PSTREAM_DESCRIPTOR_LENGTH value of 0 sent on TCP port 9875, which triggers a length assertion failure in pa_memblock_new; or (3) an empty packet on UDP port 9875, which triggers a t assertion failure in pa_sdp_parse; and allows remote authenticated users to cause a denial of service (daemon crash) via a crafted packet on TCP port 9875 that (4) triggers a maxlength assertion failure in pa_memblockq_new, (5) triggers a size assertion failure in pa_xmalloc, or (6) plays a certain sound file.Show less