CVE-2014-0044

Published: 8 February 2014

The opus_packet_get_samples_per_frame function in client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots allows remote attackers to cause a denial of service (crash) via a crafted length prefix value, which triggers a NULL pointer dereference or a heap-based buffer over-read (aka "out-of-bounds array access").

Priority

Status

Package	Release	Status
mumble Launchpad, Ubuntu, Debian	lucid	Ignored (end of life)
	precise	Not vulnerable (code not present)
	quantal	Ignored (end of life)
	saucy	Ignored (end of life)
	trusty	Does not exist (trusty was not-affected [1.2.4-0.2ubuntu1])
	upstream	Needs triage

References

https://www.cve.org/CVERecord?id=CVE-2014-0044
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737739

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›