Candidate: CVE-2014-2892
PublicDate: 2014-04-22 14:23:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2892
 http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8
Description:
 Heap-based buffer overflow in the get_answer function in mmsh.c in libmms
 before 0.6.4 allows remote attackers to execute arbitrary code via a long
 line in an MMS over HTTP (MMSH) server response.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745301
 https://bugs.launchpad.net/ubuntu/+source/libmms/+bug/1306657
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_libmms:
 upstream: http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8
upstream_libmms: released (0.6.2-4)
lucid_libmms: ignored (reached end-of-life)
precise_libmms: released (0.6.2-2ubuntu0.1)
quantal_libmms: ignored (reached end-of-life)
saucy_libmms: ignored (reached end-of-life)
trusty_libmms: released (0.6.2-3ubuntu2.1)
trusty/esm_libmms: released (0.6.2-3ubuntu2.1)
utopic_libmms: ignored (reached end-of-life)
vivid_libmms: ignored (reached end-of-life)
vivid/stable-phone-overlay_libmms: not-affected (0.6.2-4build1)
vivid/ubuntu-core_libmms: DNE
wily_libmms: not-affected (0.6.2-4build1)
xenial_libmms: not-affected (0.6.4-1)
devel_libmms: not-affected (0.6.4-1)