7.5
CVE-2014-0045
- EPSS 2.66%
- Veröffentlicht 08.02.2014 00:55:06
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
LoginThe needSamples method in AudioOutputSpeech.cpp in the client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots, Mumble for iOS 1.1 through 1.2.2, and MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d does not check the return value of the opus_decode_float function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Opus voice packet, which triggers an error in opus_decode_float, a conversion of a negative integer to an unsigned integer, and a heap-based buffer over-read and over-write.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Light Speed Gaming ≫ Mumble Version1.1 SwPlatformiphone_os
Light Speed Gaming ≫ Mumble Version1.1 Updaterc1 SwPlatformiphone_os
Light Speed Gaming ≫ Mumble Version1.1.1 SwPlatformiphone_os
Light Speed Gaming ≫ Mumble Version1.2 SwPlatformiphone_os
Light Speed Gaming ≫ Mumble Version1.2.1 SwPlatformiphone_os
Light Speed Gaming ≫ Mumble Version1.2.2 SwPlatformiphone_os
Light Speed Gaming ≫ Mumble Version1.2.3 Updaterc1
Light Speed Gaming ≫ Mumble Version1.2.3 Updaterc2
Light Speed Gaming ≫ Mumble Version1.2.3 Updaterc3
Light Speed Gaming ≫ Mumble Version1.2.4
Light Speed Gaming ≫ Mumblekit Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.66% | 0.844 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|