5

CVE-2014-3755

Exploit
The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MumbleMumble Version <= 1.2.5
MumbleMumble Version1.2.0
MumbleMumble Version1.2.1
MumbleMumble Version1.2.2
MumbleMumble Version1.2.3
MumbleMumble Version1.2.3 Updaterc1
MumbleMumble Version1.2.3 Updaterc2
MumbleMumble Version1.2.3 Updaterc3
MumbleMumble Version1.2.4
MumbleMumble Version1.2.4 Updatebeta1
MumbleMumble Version1.2.4 Updaterc1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.52% 0.828
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://mumble.info/security/Mumble-SA-2014-005.txt
Vendor Advisory
http://www.openwall.com/lists/oss-security/2014/05/15/1
http://www.openwall.com/lists/oss-security/2014/05/15/4
http://www.securityfocus.com/bid/67400
https://qt.gitorious.org/qt/mumble-developers-qt/commit/2147fa767980fe27a14f018b1528dbf880b96814
Exploit