FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mumble -- NULL pointer dereference and heap-based buffer overflow

Affected packages
1.2.4 <= mumble <= 1.2.4_6

Details

VuXML ID c2c8c84b-e734-11e3-9a25-5404a6a6412c
Discovery 2014-01-25
Entry 2014-05-29

Mumble reports:

A malformed Opus voice packet sent to a Mumble client could trigger a NULL pointer dereference or an out-of-bounds array access.

A malformed Opus voice packet sent to a Mumble client could trigger a heap-based buffer overflow.

References

CVE Name CVE-2014-0044
CVE Name CVE-2014-0045
URL http://mumble.info/security/Mumble-SA-2014-001.txt
URL http://mumble.info/security/Mumble-SA-2014-002.txt