CVE-2014-3755 — Mumble vulnerability

CWE-3995 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

1.1%

top 21.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mumble Debian Mumble

Timeline

PublishedNov 16

Latest updateMay 17

Description

The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/mumble< mumble 1.2.6-1 (bookworm)

▶Debianmumble/mumble< 1.2.6-1+3

▶NVDmumble/mumble1.2.5+5

🔴Vulnerability Details

GHSA

GHSA-3923-6jq3-5x25: The QSvg module in Qt, as used in the Mumble client 1↗2022-05-17

▶

OSV

CVE-2014-3755: The QSvg module in Qt, as used in the Mumble client 1↗2014-11-16

▶

📋Vendor Advisories

Debian

CVE-2014-3755: mumble - The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows r...↗2014

▶

💬Community

Bugzilla

CVE-2014-3755 mumble: Mumble-SA-2014-005 - SVG images with local file references could trigger client DoS↗2014-05-15

▶