Search CVE reports
1 – 4 of 4 results
A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire's PulseAudio compatibility layer. An attacker with minimal...
1 affected package
pipewire
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pipewire | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
Some fixes available 3 of 4
Multiple unbounded alloca() calls in the PulseAudio protocol server.
2 affected packages
pipewire, pulseaudio
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pipewire | Fixed | Fixed | Fixed | Not affected | — |
| pulseaudio | Not affected | Not affected | Not affected | Not affected | Not affected |
Some fixes available 2 of 3
RAOP module accepts unbounded Content-Length values and does not check the pw_array_add() return.
1 affected package
pipewire
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pipewire | Fixed | Fixed | Not affected | Not affected | — |
Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not set.
2 affected packages
pipewire, wireplumber
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pipewire | — | Not affected | Ignored | Not affected | Ignored |
| wireplumber | — | Not affected | Ignored | Not in release | Ignored |