|
|
Subscribe / Log in / New account

mumble: multiple vulnerabilities

Package(s):mumble CVE #(s):CVE-2014-0044 CVE-2014-0045
Created:February 5, 2014 Updated:May 8, 2014
Description: From the Debian advisory:

CVE-2014-0044: It was discovered that a malformed Opus voice packet sent to a Mumble client could trigger a NULL pointer dereference or an out-of-bounds array access. A malicious remote attacker could exploit this flaw to mount a denial of service attack against a mumble client by causing the application to crash.

CVE-2014-0045: It was discovered that a malformed Opus voice packet sent to a Mumble client could trigger a heap-based buffer overflow. A malicious remote attacker could use this flaw to cause a client crash (denial of service) or potentially use it to execute arbitrary code.

Alerts:
Gentoo 201406-06 mumble 2014-06-06
Fedora FEDORA-2014-5751 mumble 2014-05-08
Fedora FEDORA-2014-5767 mumble 2014-05-08
openSUSE openSUSE-SU-2014:0271-1 mumble 2014-02-21
Debian DSA-2854-1 mumble 2014-02-05
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds