UbuntuUpdates.org

Package "libpipewire-0.3-dev"

Name: libpipewire-0.3-dev

Description:

libraries for the PipeWire multimedia server - development

Latest version: 0.3.48-1ubuntu3.2
Release: jammy (22.04)
Level: security
Repository: main
Head package: pipewire
Homepage: https://pipewire.org/

Links


Download "libpipewire-0.3-dev"


Other versions of "libpipewire-0.3-dev" in Jammy

Repository Area Version
base main 0.3.48-1ubuntu1
updates main 0.3.48-1ubuntu3.2

Changelog

Version: 0.3.48-1ubuntu3.2 2026-07-13 21:09:33 UTC

  pipewire (0.3.48-1ubuntu3.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Denial of service in Pulse module.
    - debian/patches/CVE-2026-14330-pre1.patch: Add a MAX_ALLOCA_SIZE limit
      and check element counts before each alloca() call in
      src/modules/module-protocol-pulse/pulse-server.c
    - debian/patches/CVE-2026-14330.patch: Make a function like alloca but
      with overflow checks and a max allocation size in
      spa/include/spa/utils/defs.h, spa/plugins/audioconvert/audioadapter.c,
      src/modules/module-protocol-pulse/defs.h,
      src/modules/module-protocol-pulse/message.c,
      src/modules/module-protocol-pulse/pulse-server.c,
      src/pipewire/buffers.c, and src/pipewire/impl-node.c
    - CVE-2026-14330

 -- Kyle Kernick <email address hidden> Wed, 08 Jul 2026 19:36:44 -0600

CVE-2026-14330 Multiple unbounded alloca() calls in the PulseAudio protocol server.



About   -   Send Feedback to @ubuntu_updates