Vulmon
pulseaudio pulseaudio vulnerabilities and exploits
2.9
CVSSv2
CVE-2014-3970
The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and previous versions allows remote malicious users to cause a denial of service (assertion failure and abort) via an empty UDP packet.
Pulseaudio Pulseaudio 2.0
Pulseaudio Pulseaudio 1.99.2
Pulseaudio Pulseaudio 5.0
Pulseaudio Pulseaudio 4.0
Pulseaudio Pulseaudio 1.99.1
Pulseaudio Pulseaudio 1.1
Pulseaudio Pulseaudio 1.0
Pulseaudio Pulseaudio 3.0
Pulseaudio Pulseaudio 2.1
7.2
CVSSv2
CVE-2009-1894
Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink.
Pulseaudio Pulseaudio 0.9.10
Pulseaudio Pulseaudio 0.9.9
Pulseaudio Pulseaudio 0.9.14
2 EDB exploits
6.9
CVSSv2
CVE-2009-1299
The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file.
Pulseaudio Pulseaudio 0.9.10
Pulseaudio Pulseaudio 0.9.19
7.2
CVSSv2
CVE-2008-0008
The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls t...
Pulseaudio Pulseaudio 0.9.6
Pulseaudio Pulseaudio 0.9.8
7.8
CVSSv2
CVE-2007-1804
PulseAudio 0.9.5 allows remote malicious users to cause a denial of service (daemon crash) via (1) a PA_PSTREAM_DESCRIPTOR_LENGTH value of FRAME_SIZE_MAX_ALLOW sent on TCP port 9875, which triggers a p->export assertion failure in do_read; (2) a PA_PSTREAM_DESCRIPTOR_LENGTH va...
Pulseaudio Pulseaudio 0.9.5
1 EDB exploit
3.6
CVSSv2
CVE-2020-15710
Potential double free in Bluez 5 module of PulseAudio could allow a local malicious user to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c and src/modules/bluetooth/module-bluez5-devi...
Pulseaudio Project Pulseaudio 1\\
2.1
CVSSv2
CVE-2020-11931
An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy mo...
Pulseaudio Pulseaudio
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 20.04
2.1
CVSSv2
CVE-2020-16123
An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. This c...
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 20.10
5.8
CVSSv2
CVE-2018-16263
The PulseAudio system service in Tizen allows an unprivileged process to control its A2DP MediaEndpoint, due to improper D-Bus security policy configurations. This affects Tizen prior to 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
Linux Tizen 1.0
Linux Tizen 2.0
Linux Tizen 2.1
Linux Tizen 2.2
Linux Tizen 2.2.1
Linux Tizen 2.3
Linux Tizen 2.3.1
Linux Tizen 2.4
Linux Tizen 3.0
Linux Tizen 4.0
Linux Tizen 5.0
5
CVSSv2
CVE-2009-0794
Integer overflow in the PulseAudioTargetDataL class in src/java/org/classpath/icedtea/pulseaudio/PulseAudioTargetDataLine.java in Pulse-Java, as used in OpenJDK 1.6.0.0 and other products, allows remote malicious users to cause a denial of service (applet crash) via a crafted Pul...
Sun Openjdk 1.6.0.0