CVE-2026-14324

Publication date 1 July 2026

Last updated 16 July 2026


Ubuntu priority

Cvss 3 Severity Score

6.5 · Medium

Score breakdown

Description

RAOP module accepts unbounded Content-Length values and does not check the pw_array_add() return.

Status

Package Ubuntu Release Status
pipewire 26.04 LTS resolute
Fixed 1.6.2-1ubuntu1.1
25.10 questing Ignored end of life, was needed
24.04 LTS noble
Fixed 1.0.5-1ubuntu3.3
22.04 LTS jammy
Not affected
20.04 LTS focal
Not affected

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
pipewire

Severity score breakdown

CVSS version: CVSS v3.0

Base score 6.5 · Medium

Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H


Access our resources on patching vulnerabilities