CVE-2014-1916

The (1) opus_packet_get_nb_frames and (2) opus_packet_get_samples_per_frame functions in the client in MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d and Mumble for iOS 1.1 through 1.2.2 do not properly check the return value of the copyDataBlock method, which allow remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted length prefix value in an Opus voice packet.
Severity
UNKNOWN
AV:N/AC:L/Au:N/C:N/I:N/A:P
Atk. Vector
NETWORK
Atk. Complexity
LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
VendorProductVersion
light_speed_gamingmumblekit
-
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mumble
saucy
not-affected
quantal
not-affected
precise
not-affected
lucid
not-affected
Common Weakness Enumeration
References
http://mumble.info/security/Mumble-SA-2014-003.txt
http://osvdb.org/102957
http://mumble.info/security/Mumble-SA-2014-003.txt
http://osvdb.org/102957