|Package(s):||mumble||CVE #(s):||CVE-2014-0044 CVE-2014-0045|
|Created:||February 5, 2014||Updated:||May 8, 2014|
|Description:||From the Debian advisory:
CVE-2014-0044: It was discovered that a malformed Opus voice packet sent to a Mumble client could trigger a NULL pointer dereference or an out-of-bounds array access. A malicious remote attacker could exploit this flaw to mount a denial of service attack against a mumble client by causing the application to crash.
CVE-2014-0045: It was discovered that a malformed Opus voice packet sent to a Mumble client could trigger a heap-based buffer overflow. A malicious remote attacker could use this flaw to cause a client crash (denial of service) or potentially use it to execute arbitrary code.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds