CVE Catalog
CVE-2026-14330
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk0.10%
1th percentile — higher than 1% of all known CVEs
Summary
Multiple unbounded alloca() calls in the PulseAudio protocol server can lead to stack overflow and potential arbitrary code execution.
Risk Assessment
An attacker could remotely crash the service or take control of the system, compromising data confidentiality and integrity.
Recommendation
Immediately update PulseAudio to the latest patched version and restrict protocol server access to trusted hosts only.
Original NVD description (English source)
Multiple unbounded alloca() calls in the PulseAudio protocol server.

