CVE-2026-14324
Received - Intake

RAOP Module Memory Corruption Vulnerability

Publication date: 2026-07-01

Last updated on: 2026-07-01

Assigner: Red Hat, Inc.

Description

The RAOP module accepts unbounded Content-Length values and does not check the return value of pw_array_add().

Meta Information

Published: 2026-07-01
Last Modified: 2026-07-01
Generated: 2026-07-01
AI Q&A: 2026-07-01
EPSS Evaluated: N/A

Affected Vendors & Products

Showing 1 associated CPE
Vendor: pipewire
Product: pipewire
Version / Range: *

Exploitability

CWE-476: The product dereferences a pointer that it expects to be valid but is NULL.

Executive Summary

CVE-2026-14324 is a vulnerability in PipeWire's RAOP (AirPlay) RTSP client module. The issue arises because the module accepts unbounded Content-Length values from remote servers without proper validation and does not check the return value of a memory allocation function (pw_array_add).

An attacker on the local network can exploit this by sending a malicious RTSP response containing an excessively large Content-Length header. This can cause a NULL pointer dereference, which leads to the PipeWire daemon crashing.

Impact Analysis

This vulnerability can cause the PipeWire daemon on affected Linux systems to crash due to a NULL pointer dereference triggered by a maliciously crafted RTSP response.

Such crashes can lead to denial of service conditions, disrupting audio and media streaming services that rely on PipeWire.

Detection Guidance

This vulnerability can be detected by monitoring for crashes or abnormal behavior of the PipeWire daemon, as the exploit causes a NULL pointer dereference leading to a crash.

On the network level, detection involves inspecting RTSP responses for unusually large or malformed Content-Length headers sent to the RAOP module.

Specific commands are not provided in the available information.
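
The network-level check described above can be sketched as follows. This is an added example, not code from the advisory or from PipeWire; the 1 MiB ceiling, the function name and the sample responses are assumptions constructed for illustration.

```python
import re

# Assumed policy ceiling for an RTSP response body from an AirPlay receiver.
# The advisory gives no number; tune this to your environment.
MAX_BODY_BYTES = 1 << 20

def check_rtsp_response(raw: bytes, max_body: int = MAX_BODY_BYTES) -> list[str]:
    """Return findings about the Content-Length header(s) of one RTSP response."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    if not lines[0].startswith(b"RTSP/"):
        return ["not an RTSP response"]
    values = []
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if colon and name.strip().lower() == b"content-length":
            values.append(value.strip())
    findings = []
    if len(values) > 1:
        findings.append("duplicate Content-Length headers")
    for v in values:
        if not re.fullmatch(rb"[0-9]+", v):
            findings.append(f"malformed Content-Length: {v!r}")
        elif len(v) > 19 or int(v) > max_body:
            # The digit-count guard avoids converting absurdly long numbers.
            findings.append(f"oversized Content-Length: {v.decode()} > {max_body}")
    return findings

# Constructed sample responses (not captured traffic).
SAMPLES = {
    "normal": b"RTSP/1.0 200 OK\r\nCSeq: 3\r\nContent-Length: 4\r\n\r\nbody",
    "oversized": b"RTSP/1.0 200 OK\r\nCSeq: 4\r\n"
                 b"Content-Length: 18446744073709551615\r\n\r\n",
    "malformed": b"RTSP/1.0 200 OK\r\nCSeq: 5\r\nContent-Length: -1\r\n\r\n",
    "duplicate": b"RTSP/1.0 200 OK\r\nCSeq: 6\r\nContent-Length: 4\r\n"
                 b"content-length: 8\r\n\r\nbody",
}

def scan(samples: dict[str, bytes]) -> dict[str, list[str]]:
    """Run the check over every sample and keep only those with findings."""
    results = {name: check_rtsp_response(raw) for name, raw in samples.items()}
    return {name: f for name, f in results.items() if f}

if __name__ == "__main__":
    for name, findings in scan(SAMPLES).items():
        print(name, "->", "; ".join(findings))
```
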

Mitigation Strategies

Immediate mitigation steps are not explicitly detailed in the provided information.

However, general best practices include restricting local network access to trusted devices to prevent malicious RTSP responses and monitoring PipeWire daemon stability.

Applying any available patches or updates from PipeWire or your Linux distribution once released is recommended.
