3 matches found
CVE-2014-0045
CVE-2014-0045 affects Mumble: in needSamples, the code path via opus_decode_float does not check the return value, allowing a crafted Opus voice packet to trigger a heap-based buffer over-read/over-write and a crash, potentially enabling arbitrary code execution. Affected: Mumble 1.2.4 and the 1....
CVE-2014-0044
The CVE-2014-0044 issue affects Mumble 1.2.4 and earlier 1.2.3 pre-release snapshots where a crafted length prefix in an opus packet can trigger a NULL pointer dereference or a heap-based buffer over-read, enabling a denial of service. Connected advisories confirm the root cause lies in opus_pack...
CVE-2014-1916
The CVE-2014-1916 entry concerns MumbleKit (before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d) and Mumble for iOS (versions 1.1–1.2.2). The vulnerability lies in the client code where opus_packet_get_nb_frames and opus_packet_get_samples_per_frame do not properly validate the return value of...