mumble 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は vendor risk input validation、パス処理の欠陥, and バッファオーバーフロー に関連することが多く、vendor surface production workloads and vendor surface software deployment の文脈で アプリケーションクラッシュ and vendor impact memory corruption などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-71264 | Mumble before 1.6.870 is prone to an out-of-bounds array access, which may result in denial of service (client crash). | [email protected] | 3.7 | 0.28% | 2026-03-16 | 2026-04-02 |
| CVE-2021-27229 | Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text. | [email protected] | 8.8 | 3.20% | 2021-02-16 | 2024-11-21 |
| CVE-2020-13962 | Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.) | [email protected] | 7.5 | 2.93% | 2020-06-09 | 2024-11-21 |
| CVE-2010-2490 | Mumble: murmur-server has DoS due to malformed client query | [email protected] | 6.5 | 1.60% | 2019-10-31 | 2024-11-21 |
| CVE-2018-20743 | murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood. | [email protected] | 7.5 | 3.62% | 2019-01-25 | 2024-11-21 |
| CVE-2014-3756 | The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3) subject common name or (4) email address to the Certificate Wizard, or (5) server name in a tooltip. | [email protected] | 5.0 | 1.48% | 2014-11-16 | 2026-05-06 |
| CVE-2014-3755 | The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file. | [email protected] | 5.0 | 2.52% | 2014-11-16 | 2026-05-06 |
| CVE-2012-0863 | Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file. | [email protected] | 2.1 | 0.38% | 2012-04-30 | 2026-04-29 |