CVE-2014-8154
Published: 27 January 2015
The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overflow.
Notes
Author | Note |
---|---|
mdeslaur | introduced by: https://git.gnome.org/browse/vala/commit/vapi/gstreamer-1.0.vapi?id=c4bf7f02c51d84a91768652a490d2389e2e00092 |
Priority
Status
Package | Release | Status |
---|---|---|
vala Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Not vulnerable
(code-not-present)
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
utopic |
Does not exist
|
|
vala-0.14 Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Not vulnerable
(code-not-present)
|
|
trusty |
Does not exist
(trusty was not-affected [code-not-present])
|
|
upstream |
Needs triage
|
|
utopic |
Not vulnerable
(code-not-present)
|
|
vala-0.16 Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Not vulnerable
(code-not-present)
|
|
trusty |
Does not exist
(trusty was not-affected [code-not-present])
|
|
upstream |
Needs triage
|
|
utopic |
Not vulnerable
(code-not-present)
|
|
vala-0.18 Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was not-affected)
|
|
upstream |
Needs triage
|
|
utopic |
Not vulnerable
|
|
vala-0.20 Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was not-affected)
|
|
upstream |
Needs triage
|
|
utopic |
Not vulnerable
|
|
vala-0.22 Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was not-affected)
|
|
upstream |
Needs triage
|
|
utopic |
Does not exist
|
|
vala-0.26 Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(0.26.2)
|
|
utopic |
Does not exist
|
|
Patches: upstream: https://git.gnome.org/browse/vala/commit/?id=3092537db65887e24a3d3e87a27caf9c5295e4f7 |