Search CVE reports


Toggle filters

1 – 9 of 9 results


CVE-2024-11586

Medium priority
Vulnerable

Ubuntu's implementation of pulseaudio can be crashed by a malicious program if a bluetooth headset is connected.

1 affected package

pulseaudio

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pulseaudio Not affected Not affected Not affected Not affected Vulnerable
Show less packages

CVE-2020-16123

Medium priority
Fixed

An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap...

1 affected package

pulseaudio

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pulseaudio Fixed Fixed Fixed
Show less packages

CVE-2020-15710

Medium priority
Fixed

Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c...

1 affected package

pulseaudio

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pulseaudio Not affected Not affected Fixed
Show less packages

CVE-2020-11931

Medium priority
Fixed

An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or...

1 affected package

pulseaudio

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pulseaudio Fixed Fixed Fixed
Show less packages

CVE-2014-3970

Low priority
Ignored

The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet.

1 affected package

pulseaudio

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pulseaudio Not affected Not affected
Show less packages

CVE-2009-1299

Low priority

Some fixes available 1 of 5

The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file.

1 affected package

pulseaudio

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pulseaudio
Show less packages

CVE-2009-1894

High priority
Fixed

Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target...

1 affected package

pulseaudio

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pulseaudio
Show less packages

CVE-2008-0008

Low priority
Fixed

The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local...

1 affected package

pulseaudio

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pulseaudio
Show less packages

CVE-2007-1804

Unknown priority
Fixed

PulseAudio 0.9.5 allows remote attackers to cause a denial of service (daemon crash) via (1) a PA_PSTREAM_DESCRIPTOR_LENGTH value of FRAME_SIZE_MAX_ALLOW sent on TCP port 9875, which triggers a p->export assertion failure in...

1 affected package

pulseaudio

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pulseaudio
Show less packages