Several issues have been discovered in mumble, a low latency VoIP client. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2014-0044 It was discovered that a malformed Opus voice packet sent to a Mumble client could trigger a NULL pointer dereference or an out-of-bounds array access. A malicious remote attacker could exploit this flaw to mount a denial of service attack against a mumble client by causing the application to crash. CVE-2014-0445 It was discovered that a malformed Opus voice packet sent to a Mumble client could trigger a heap-based buffer overflow. A malicious remote attacker could use this flaw to cause a client crash or potentially use it to execute arbitrary code. The oldstable distribution is not affected by these problems.