CVE-2014-3755

Published: Nov 16, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file.

Affected (11)

Products: Mumble: Mumble

1 product

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Mumble Mumble	Up to 1.2.5
Mumble Mumble	Version 1.2.0
Mumble Mumble	Version 1.2.1
Mumble Mumble	Version 1.2.2
Mumble Mumble	Version 1.2.3
Mumble Mumble	Version 1.2.3 rc1
Mumble Mumble	Version 1.2.3 rc2
Mumble Mumble	Version 1.2.3 rc3
Mumble Mumble	Version 1.2.4
Mumble Mumble	Version 1.2.4 beta1
Mumble Mumble	Version 1.2.4 rc1

Related CWEs

References (10)

http://mumble.info/security/Mumble-SA-2014-005.txt

Source: cve@mitre.org

Vendor Advisory

http://www.openwall.com/lists/oss-security/2014/05/15/1

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2014/05/15/4

Source: cve@mitre.org

http://www.securityfocus.com/bid/67400

Source: cve@mitre.org

https://qt.gitorious.org/qt/mumble-developers-qt/commit/2147fa767980fe27a14f018b1528dbf880b96814

Source: cve@mitre.org

Exploit

http://mumble.info/security/Mumble-SA-2014-005.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.openwall.com/lists/oss-security/2014/05/15/1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2014/05/15/4

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/67400

Source: af854a3a-2127-422b-91ae-364da2661108

https://qt.gitorious.org/qt/mumble-developers-qt/commit/2147fa767980fe27a14f018b1528dbf880b96814

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.