RAOP Module Accepts Unbounded ContentLength Values (CVE202614324)
CVE-2026-14324 Published on July 1, 2026

Pipewire: raop rtsp null deref
RAOP module accepts unbounded Content-Length values and does not check the pw_array_add() return.

NVD

Vulnerability Analysis

Attack Vector:
ADJACENT_NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
NONE
Availability Impact:
HIGH

Timeline

Reported to Red Hat.

Made public.

Weakness Type

NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions.


Products Associated with CVE-2026-14324

Want to know whenever a new CVE is published for Red Hat Enterprise Linux (RHEL)? stack.watch will email you.

 

Affected Versions

Red Hat Enterprise Linux 10: Red Hat Enterprise Linux 10: Red Hat Enterprise Linux 8: Red Hat Enterprise Linux 8: Red Hat Enterprise Linux 9: