CVE-2014-0045: Mumble vulnerability

CWE-189 | 8 documents | 5 sources
Severity: 7.5 HIGH (NVD)
EPSS: 2.7% (top 14.17%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Feb 8
Latest update: May 17

Description

The needSamples method in AudioOutputSpeech.cpp in the client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots, Mumble for iOS 1.1 through 1.2.2, and MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d does not check the return value of the opus_decode_float function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Opus voice packet, which triggers an error in opus_decode_float, a conversion of a negative intege

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (3 packages)

debian | debian/mumble | < mumble 1.2.4-0.2 (bookworm)
Debian | mumble/mumble | < 1.2.4-0.2 | +3
NVD | light_speed_gaming/mumble | 7 versions | +6

🔴 Vulnerability Details (2)

[GHSA] GHSA-55pr-qg64-v8m8: The needSamples method in AudioOutputSpeech (2022-05-17)
[OSV] CVE-2014-0045: The needSamples method in AudioOutputSpeech (2014-02-08)

📋 Vendor Advisories (1)

[Debian] CVE-2014-0045: mumble - The needSamples method in AudioOutputSpeech.cpp in the client in Mumble 1.2.4 an... (2014)

💬 Community (4)

[Bugzilla] CVE-2014-0044 CVE-2014-0045 mumble: various flaws [fedora-all] (2014-02-05)
[Bugzilla] CVE-2014-0045 mumble: NULL pointer dereference leads to denial of service (2014-02-05)
[Bugzilla] CVE-2013-6447 JBoss Seam: XML eXternal Entity (XXE) flaw in remoting (2013-12-19)
[Bugzilla] CVE-2013-6448 JBoss Seam: Information disclosure in remoting (2013-12-19)