7.5
CVE-2014-0045
- EPSS 4.03%
- Veröffentlicht 08.02.2014 00:55:06
- Zuletzt bearbeitet 29.04.2026 01:13:23
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
LoginThe needSamples method in AudioOutputSpeech.cpp in the client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots, Mumble for iOS 1.1 through 1.2.2, and MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d does not check the return value of the opus_decode_float function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Opus voice packet, which triggers an error in opus_decode_float, a conversion of a negative integer to an unsigned integer, and a heap-based buffer over-read and over-write.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Light Speed Gaming ≫ Mumble Version1.1 SwPlatformiphone_os
Light Speed Gaming ≫ Mumble Version1.1 Updaterc1 SwPlatformiphone_os
Light Speed Gaming ≫ Mumble Version1.1.1 SwPlatformiphone_os
Light Speed Gaming ≫ Mumble Version1.2 SwPlatformiphone_os
Light Speed Gaming ≫ Mumble Version1.2.1 SwPlatformiphone_os
Light Speed Gaming ≫ Mumble Version1.2.2 SwPlatformiphone_os
Light Speed Gaming ≫ Mumble Version1.2.3 Updaterc1
Light Speed Gaming ≫ Mumble Version1.2.3 Updaterc2
Light Speed Gaming ≫ Mumble Version1.2.3 Updaterc3
Light Speed Gaming ≫ Mumble Version1.2.4
Light Speed Gaming ≫ Mumblekit Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.03% | 0.893 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://lists.opensuse.org/opensuse-updates/2014-02/msg00063.html
http://www.debian.org/security/2014/dsa-2854
http://mumble.info/security/Mumble-SA-2014-002.txt
http://mumble.info/security/Mumble-SA-2014-004.txt
http://osvdb.org/102905
http://osvdb.org/102958
http://www.securityfocus.com/bid/65374