It was discovered that PipeWire accepted unbounded Content-Length values in its RAOP module. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 24.04 LTS. (CVE-2026-14324)
It was discovered that PipeWire performed multiple unbounded stack allocations in its PulseAudio protocol server. A local attacker could possibly use this issue to cause a denial of service. (CVE-2026-14330)
0.3.48-1ubuntu3.21.0.5-1ubuntu3.31.6.2-1ubuntu1.1