Heap overflow

The opuspacketgetsamplesperframe function in client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots allows remote attackers to cause a denial of service crash via a crafted length prefix value, which triggers a NULL pointer dereference or a heap-based buffer over-read aka "out-of-bounds array...

Heap overflow

The needSamples method in AudioOutputSpeech.cpp in the client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots, Mumble for iOS 1.1 through 1.2.2, and MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d does not check the return value of the opusdecodefloat function, which allows...

CVE-2014-0044

The CVE-2014-0044 issue affects Mumble 1.2.4 and earlier 1.2.3 pre-release snapshots where a crafted length prefix in an opus packet can trigger a NULL pointer dereference or a heap-based buffer over-read, enabling a denial of service. Connected advisories confirm the root cause lies in opus_pack...

CVE-2014-0044

The opuspacketgetsamplesperframe function in client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots allows remote attackers to cause a denial of service crash via a crafted length prefix value, which triggers a NULL pointer dereference or a heap-based buffer over-read aka "out-of-bounds array...