FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2014-0045

This CVE name corresponds to:

Entered Topic
2014-05-29 mumble -- NULL pointer dereference and heap-based buffer overflow

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2014-0045 at cve.mitre.org

Details

Type Candidate
Name CVE-2014-0045
Phase Assigned(20131203)

Description

The needSamples method in AudioOutputSpeech.cpp in the client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots, Mumble for iOS 1.1 through 1.2.2, and MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d does not check the return value of the opus_decode_float function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Opus voice packet, which triggers an error in opus_decode_float, a conversion of a negative integer to an unsigned integer, and a heap-based buffer over-read and over-write.

References

Source Reference
CONFIRM http://mumble.info/security/Mumble-SA-2014-002.txt
CONFIRM http://mumble.info/security/Mumble-SA-2014-004.txt
DEBIAN DSA-2854
SUSE openSUSE-SU-2014:0271
OSVDB 102958
OSVDB 102905

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.