CVE-2025-71264
Awaiting Analysis Awaiting Analysis - Queue
Out-of-Bounds Access in Mumble ≀1.6.870 Causes Client Crash

Publication date: 2026-03-16

Last updated on: 2026-04-02

Assigner: MITRE

Description
Mumble before 1.6.870 is prone to an out-of-bounds array access, which may result in denial of service (client crash).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-16
Last Modified
2026-04-02
Generated
2026-06-16
AI Q&A
2026-03-16
EPSS Evaluated
2026-06-15
NVD
CVE-2025-71264
EUVD
EUVD-2025-208685
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mumble mumble to 1.6.870 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-71264 is a vulnerability in the Mumble client before version 1.6.870 caused by incorrect handling of Opus audio decoding, specifically related to stereo stream processing and buffer size management.

The issue arises from incorrect assumptions about the maximum duration of Opus audio packets and improper calculation of frame sizes passed to the decoder. The code originally assumed a maximum Opus frame duration of 60 milliseconds, but Opus packets can contain multiple frames totaling up to 120 milliseconds.

Additionally, the frame size parameter passed to the Opus decoder was incorrectly calculated as the total frame size for all channels instead of the per-channel frame size. This mismatch could cause out-of-bounds memory access during decoding, leading to potential client crashes.

The vulnerability manifests as an out-of-bounds array access that may result in a denial of service by crashing the client.

Impact Analysis

This vulnerability can impact users by causing the Mumble client to crash due to out-of-bounds memory access during audio decoding.

Such crashes result in denial of service, interrupting communication and potentially causing loss of audio data or session disruptions.

Because the issue is triggered by malformed or specially crafted Opus audio packets, an attacker could exploit this vulnerability remotely by sending malicious audio data to the client.

Compliance Impact

I don't know

Detection Guidance

This vulnerability involves an out-of-bounds array access in the Mumble client during Opus audio decoding, which may cause client crashes (denial of service). Detection on a network or system would typically involve monitoring for crashes or abnormal behavior in the Mumble client version before 1.6.870.

Since the issue is internal to the audio decoding process, there are no specific network commands or signatures provided to detect exploitation attempts directly.

To detect if the vulnerable version of Mumble is running, you can check the installed Mumble client version on your system.

  • On Linux, use: `mumble --version` or check the package version with your package manager, e.g., `dpkg -l | grep mumble` or `rpm -q mumble`.
  • On Windows, check the application version in the About section or via the executable properties.

Monitoring application logs for crashes or abnormal terminations of the Mumble client may also help identify if the vulnerability is being triggered.

Mitigation Strategies

The primary mitigation step is to update the Mumble client to version 1.6.870 or later, where the vulnerability has been fixed.

The fix involves correcting buffer size calculations and per-channel frame size handling in the Opus audio decoding process to prevent out-of-bounds memory access.

If immediate updating is not possible, consider limiting access to the Mumble client or monitoring for crashes as a temporary measure.

Review and apply any patches or updates provided by the Mumble project that address this issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-71264. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart