DSA-2854-1 mumble -- several
ID: oval:org.secpod.oval:def:601205 | Date: (C)2014-02-06 (M)2022-10-10 |
Class: PATCH | Family: unix |
Several issues have been discovered in mumble, a low latency VoIP client. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2014-0044
It was discovered that a malformed Opus voice packet sent to a Mumble client could trigger a NULL pointer dereference or an out-of-bounds array access. A malicious remote attacker could exploit this flaw to mount a denial of service attack against a mumble client by causing the application to crash.

CVE-2014-0445
It was discovered that a malformed Opus voice packet sent to a Mumble client could trigger a heap-based buffer overflow. A malicious remote attacker could use this flaw to cause a client crash or potentially use it to execute arbitrary code.

The oldstable distribution is not affected by these problems.