FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mumble -- NULL pointer dereference and heap-based buffer overflow

Affected packages
1.2.4	<=	mumble	<=	1.2.4_6

Details

VuXML ID	c2c8c84b-e734-11e3-9a25-5404a6a6412c
Discovery	2014-01-25
Entry	2014-05-29

Mumble reports:

A malformed Opus voice packet sent to a Mumble client could trigger a NULL pointer dereference or an out-of-bounds array access.

A malformed Opus voice packet sent to a Mumble client could trigger a heap-based buffer overflow.

[source]

References

CVE Name	CVE-2014-0044
CVE Name	CVE-2014-0045
URL	http://mumble.info/security/Mumble-SA-2014-001.txt
URL	http://mumble.info/security/Mumble-SA-2014-002.txt