Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
4DescriptionCVE.org
Mumble before 1.6.870 is prone to an out-of-bounds array access, which may result in denial of service (client crash).
AnalysisAI
Mumble before version 1.6.870 contains an out-of-bounds array access vulnerability (CWE-125) that allows remote attackers to crash the client application, resulting in denial of service. The vulnerability requires network access but no authentication or user interaction, affecting all users of vulnerable Mumble client versions. While the CVSS score of 3.7 is relatively low and only impacts availability with no confidentiality or integrity compromise, this vulnerability poses a practical risk to voice communication availability in production deployments.
Technical ContextAI
Mumble is an open-source VoIP application that handles real-time voice communication over network protocols. The vulnerability stems from improper bounds checking in array access operations, classified under CWE-125 (Out-of-bounds Read), which occurs when the application attempts to read memory beyond the allocated boundaries of an array without proper validation. This memory safety issue is common in C/C++-based applications and can be triggered through specially crafted network packets sent to the Mumble client. The affected versions prior to 1.6.870 fail to validate packet structure or array indices before processing incoming protocol data, making remote triggering feasible over the network (AV:N in CVSS vector).
RemediationAI
Upgrade Mumble to version 1.6.870 or later immediately, as this version contains the fix for the out-of-bounds array access vulnerability. Download the patched version from the official Mumble project repository or your distribution's package manager. If immediate patching is not feasible, implement network-level mitigations by restricting Mumble client connections to known, trusted Mumble servers through firewall rules and host-based access controls, thereby reducing exposure to malicious or compromised servers that might send crafted packets. Additionally, monitor Mumble client processes for unexpected crashes and maintain offline communication fallback procedures during patching windows.
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error qu
The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of ser
Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on t
The needSamples method in AudioOutputSpeech.cpp in the client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots, Mumbl
The opus_packet_get_samples_per_frame function in client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots allows remo
The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a den
The (1) opus_packet_get_nb_frames and (2) opus_packet_get_samples_per_frame functions in the client in MumbleKit before
Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home direc
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allVendor StatusVendor
Debian
Bug #1129178| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | vulnerable | 1.3.4-1 | - |
| bookworm | vulnerable | 1.3.4-4 | - |
| trixie | vulnerable | 1.5.735-5 | - |
| forky, sid | fixed | 1.5.735-8 | - |
| (unstable) | fixed | 1.5.735-7 | - |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-208685