CVE Catalog

CVE-2026-14330

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.10%

1th percentile — higher than 1% of all known CVEs

Summary

Multiple unbounded alloca() calls in the PulseAudio protocol server can lead to stack overflow and potential arbitrary code execution.

Risk Assessment

An attacker could remotely crash the service or take control of the system, compromising data confidentiality and integrity.

Recommendation

Immediately update PulseAudio to the latest patched version and restrict protocol server access to trusted hosts only.

Original NVD description (English source)

Multiple unbounded alloca() calls in the PulseAudio protocol server.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS