Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2014-8154

Published: 27 January 2015

The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overflow.

Notes

AuthorNote
mdeslaur
introduced by:
https://git.gnome.org/browse/vala/commit/vapi/gstreamer-1.0.vapi?id=c4bf7f02c51d84a91768652a490d2389e2e00092

Priority

Medium

Status

Package Release Status
vala
Launchpad, Ubuntu, Debian
lucid Ignored
(end of life)
precise Not vulnerable
(code-not-present)
trusty Does not exist

upstream Needs triage

utopic Does not exist

vala-0.14
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Not vulnerable
(code-not-present)
trusty Does not exist
(trusty was not-affected [code-not-present])
upstream Needs triage

utopic Not vulnerable
(code-not-present)
vala-0.16
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Not vulnerable
(code-not-present)
trusty Does not exist
(trusty was not-affected [code-not-present])
upstream Needs triage

utopic Not vulnerable
(code-not-present)
vala-0.18
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist

trusty Does not exist
(trusty was not-affected)
upstream Needs triage

utopic Not vulnerable

vala-0.20
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist

trusty Does not exist
(trusty was not-affected)
upstream Needs triage

utopic Not vulnerable

vala-0.22
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist

trusty Does not exist
(trusty was not-affected)
upstream Needs triage

utopic Does not exist

vala-0.26
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (0.26.2)
utopic Does not exist

Patches:
upstream: https://git.gnome.org/browse/vala/commit/?id=3092537db65887e24a3d3e87a27caf9c5295e4f7