mumble-voip/mumble

mumble-voip/mumble

www.mumble.info

Releases55

Frequency3 months 3 weeks

Last Release 18 days ago

Stars8.04K

Mumble is an open-source, low-latency, high quality voice chat software.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-71264 ↗	Mar 16, 2026Monday, 16 March 2026, 14:18	3.7 LOW	—
Mumble before 1.6.870 is prone to an out-of-bounds array access, which may result in denial of service (client crash).
CVE-2021-27229 ↗	Feb 16, 2021Tuesday, 16 February 2021, 04:15	8.8 HIGH	6.8 MEDIUM
Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text.
CVE-2020-13962 ↗	Jun 9, 2020Tuesday, 9 June 2020, 00:15	7.5 HIGH	5 MEDIUM
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)
CVE-2018-20743 ↗	Jan 25, 2019Friday, 25 January 2019, 16:29	—	5 MEDIUM
murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood.
CVE-2012-0863 ↗	Apr 30, 2012Monday, 30 April 2012, 14:55	—	2.1 LOW
Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file.