CVE-2025-71264
Out-of-Bounds Access in Mumble β€1.6.870 Causes Client Crash
Publication date: 2026-03-16
Last updated on: 2026-04-02
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mumble | mumble | to 1.6.870 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-71264 is a vulnerability in the Mumble client before version 1.6.870 caused by incorrect handling of Opus audio decoding, specifically related to stereo stream processing and buffer size management.
The issue arises from incorrect assumptions about the maximum duration of Opus audio packets and improper calculation of frame sizes passed to the decoder. The code originally assumed a maximum Opus frame duration of 60 milliseconds, but Opus packets can contain multiple frames totaling up to 120 milliseconds.
Additionally, the frame size parameter passed to the Opus decoder was incorrectly calculated as the total frame size for all channels instead of the per-channel frame size. This mismatch could cause out-of-bounds memory access during decoding, leading to potential client crashes.
The vulnerability manifests as an out-of-bounds array access that may result in a denial of service by crashing the client.
How can this vulnerability impact me? :
This vulnerability can impact users by causing the Mumble client to crash due to out-of-bounds memory access during audio decoding.
Such crashes result in denial of service, interrupting communication and potentially causing loss of audio data or session disruptions.
Because the issue is triggered by malformed or specially crafted Opus audio packets, an attacker could exploit this vulnerability remotely by sending malicious audio data to the client.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves an out-of-bounds array access in the Mumble client during Opus audio decoding, which may cause client crashes (denial of service). Detection on a network or system would typically involve monitoring for crashes or abnormal behavior in the Mumble client version before 1.6.870.
Since the issue is internal to the audio decoding process, there are no specific network commands or signatures provided to detect exploitation attempts directly.
To detect if the vulnerable version of Mumble is running, you can check the installed Mumble client version on your system.
- On Linux, use: `mumble --version` or check the package version with your package manager, e.g., `dpkg -l | grep mumble` or `rpm -q mumble`.
- On Windows, check the application version in the About section or via the executable properties.
Monitoring application logs for crashes or abnormal terminations of the Mumble client may also help identify if the vulnerability is being triggered.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to update the Mumble client to version 1.6.870 or later, where the vulnerability has been fixed.
The fix involves correcting buffer size calculations and per-channel frame size handling in the Opus audio decoding process to prevent out-of-bounds memory access.
If immediate updating is not possible, consider limiting access to the Mumble client or monitoring for crashes as a temporary measure.
Review and apply any patches or updates provided by the Mumble project that address this issue.