Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201406-06
HistoryJun 06, 2014 - 12:00 a.m.

Mumble: Multiple vulnerabilities

2014-06-0600:00:00
Gentoo Foundation
security.gentoo.org
11

0.085 Low

EPSS

Percentile

94.4%

JSON

Background

Mumble is low-latency voice chat software intended for use with gaming.

Description

Multiple vulnerabilities have been discovered in Mumble:

  • A crafted length prefix value can trigger a heap-based buffer overflow or NULL pointer dereference in the opus_packet_get_samples_per_frame function (CVE-2014-0044)
  • A crafted packet can trigger an error in the opus_decode_float function, leading to a heap-based buffer overflow (CVE-2014-0045)
  • A crafted SVG referencing local files can lead to resource exhaustion or hangs (CVE-2014-3755)
  • Mumble does not properly escape HTML in some external strings before displaying them (CVE-2014-3756)

Impact

A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All Mumble users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-sound/mumble-1.2.6"
OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-sound/mumble< 1.2.6UNKNOWN

Related

fedora 5
openvas 11
nessus 9
mageia 1
osv 1
freebsd 1
debian 2
prion 4
ubuntucve 4
debiancve 4
cvelist 4
cve 4
seebug 2
securityvulns 1
fedora
fedora
[SECURITY] Fedora 19 Update: mumble-1.2.6-1.fc19
2014-05-28 02:55:34
[SECURITY] Fedora 20 Update: mumble-1.2.6-1.fc20
2014-05-28 02:54:16
[SECURITY] Fedora 20 Update: mumble-1.2.6-1.fc20.1
2014-07-26 00:11:15
openvas
openvas
Gentoo Security Advisory GLSA 201406-06
2015-09-29 00:00:00
Fedora Update for mumble FEDORA-2014-6472
2014-06-02 00:00:00
Fedora Update for mumble FEDORA-2014-6470
2014-06-02 00:00:00
nessus
nessus
GLSA-201406-06 : Mumble: Multiple vulnerabilities
2014-06-07 00:00:00
Fedora 19 : mumble-1.2.6-1.fc19 (2014-6470)
2014-05-28 00:00:00
Fedora 20 : mumble-1.2.6-1.fc20 (2014-6472)
2014-05-28 00:00:00
mageia
mageia
Updated mumble packages fix two security vulnervabilitites
2014-05-30 11:47:09
osv
osv
mumble - several
2014-02-05 00:00:00
freebsd
freebsd
mumble -- NULL pointer dereference and heap-based buffer overflow
2014-01-25 00:00:00
debian
debian
[SECURITY] [DSA 2854-1] mumble security update
2014-02-05 15:41:08
[SECURITY] [DSA 2854-1] mumble security update
2014-02-05 15:41:32
prion
prion
Code injection
2014-11-16 11:59:00
Code injection
2014-11-16 11:59:00
Heap overflow
2014-02-08 00:55:00
ubuntucve
ubuntucve
CVE-2014-3755
2014-11-16 00:00:00
CVE-2014-3756
2014-11-16 00:00:00
CVE-2014-0044
2014-02-08 00:00:00
debiancve
debiancve
CVE-2014-3755
2014-11-16 11:59:00
CVE-2014-3756
2014-11-16 11:59:00
CVE-2014-0044
2014-02-08 00:55:00
cvelist
cvelist
CVE-2014-3755
2014-11-16 11:00:00
CVE-2014-3756
2014-11-16 11:00:00
CVE-2014-0044
2014-02-08 00:00:00
cve
cve
CVE-2014-3755
2014-11-16 11:59:00
CVE-2014-3756
2014-11-16 11:59:00
CVE-2014-0044
2014-02-08 00:55:00
seebug
seebug
Mumble opus_packet_get_samples_per_frame函数拒绝服务漏洞
2014-02-18 00:00:00
Mumble needSamples方法堆缓冲区溢出漏洞
2014-02-17 00:00:00
securityvulns
securityvulns
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2014-05-15 00:00:00

0.085 Low

EPSS

Percentile

94.4%

JSON
Related for GLSA-201406-06
fedora5openvas11nessus9mageia1osv1freebsd1debian2prion4ubuntucve4debiancve4cvelist4cve4seebug2securityvulns1