Critical PipeWire Vulnerabilities Affect Ubuntu 24.04 LTS

Critical PipeWire Vulnerabilities Affect Ubuntu 24.04 LTS

First seen 14 Jul 2026, 09:39 UTC UbuntuLinuxsecurity 95% similarity 70.5

Article Content

Browse articles
ThreatCluster

Two critical vulnerabilities in PipeWire have been identified, affecting Ubuntu 24.04 LTS. The first vulnerability (CVE-2026-14324) allows a remote attacker to cause a denial of service by exploiting unbounded Content-Length values in the RAOP module. The second vulnerability (CVE-2026-14330) enables a local attacker to cause a denial of service through unbounded stack allocations in the PulseAudio protocol server. Both vulnerabilities were published on 2026-07-01. Users are advised to update their systems to the latest package versions to mitigate these risks. The vulnerabilities are specific to Ubuntu 24.04 LTS, with no mention of impact on other versions. The recommended action includes restarting PipeWire after the update to apply the changes.

Key Points: • Two critical vulnerabilities in PipeWire affect Ubuntu 24.04 LTS. • CVE-2026-14324 allows remote denial of service via unbounded Content-Length values. • CVE-2026-14330 enables local denial of service through unbounded stack allocations.

ThreatCluster AI

Timeline

2026-07-01
CVE-2026-14324 published
A vulnerability allowing remote denial of service via unbounded Content-Length values in PipeWire's RAOP module was disclosed.
Linuxsecurity
2026-07-01
CVE-2026-14330 published
A vulnerability enabling local denial of service through unbounded stack allocations in PipeWire's PulseAudio server was disclosed.
Linuxsecurity
2026-07-13
Security notice issued for PipeWire vulnerabilities
Ubuntu released USN-8535-1, detailing the vulnerabilities and advising users to update their systems.
Ubuntu

Community

Browse all →