CVE-2026-14330

Summary

Multiple unbounded alloca() calls in the PulseAudio protocol server.

Affected Software

VendorProductVersion RangeStatus

Weaknesses

  • CWE-770: Allocation of Resources Without Limits or Throttling

Workarounds

No practical mitigation beyond upgrading. The PulseAudio protocol server is a core module required for PulseAudio application compatibility.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References