CVE-2014-0045

The needSamples method in AudioOutputSpeech.cpp in the client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots, Mumble for iOS 1.1 through 1.2.2, and MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d does not check the return value of the opus_decode_float function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Opus voice packet, which triggers an error in opus_decode_float, a conversion of a negative integer to an unsigned integer, and a heap-based buffer over-read and over-write.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:light_speed_gaming:mumble:1.2:*:*:*:*:iphone_os:*:*
cpe:2.3:a:light_speed_gaming:mumble:1.2.1:*:*:*:*:iphone_os:*:*
cpe:2.3:a:light_speed_gaming:mumble:1.1.1:*:*:*:*:iphone_os:*:*
cpe:2.3:a:light_speed_gaming:mumble:1.1:rc1:*:*:*:iphone_os:*:*
cpe:2.3:a:light_speed_gaming:mumble:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:light_speed_gaming:mumble:1.1:*:*:*:*:iphone_os:*:*
cpe:2.3:a:light_speed_gaming:mumble:1.2.3:rc1:*:*:*:*:*:*
cpe:2.3:a:light_speed_gaming:mumble:1.2.3:rc2:*:*:*:*:*:*
cpe:2.3:a:light_speed_gaming:mumble:1.2.3:rc3:*:*:*:*:*:*
cpe:2.3:a:light_speed_gaming:mumble:1.2.2:*:*:*:*:iphone_os:*:*
cpe:2.3:a:light_speed_gaming:mumblekit:-:*:*:*:*:*:*:*

Information

Published : 2014-02-07 16:55

Updated : 2016-12-30 18:59


NVD link : CVE-2014-0045

Mitre link : CVE-2014-0045


JSON object : View

CWE
CWE-189

Numeric Errors

Advertisement

dedicated server usa

Products Affected

light_speed_gaming

  • mumblekit
  • mumble