← Back

CVE-2014-3756

nvd nist
Published: Nov 16, 2014Modified: May 6, 2026

JSON object

Loading...
5.0
Vector
AV:N/AC:L/Au:N/C:N/I:N/A:P
Exploitability: 10.0 / Impact: 2.9
Source: NVD

Description

The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3) subject common name or (4) email address to the Certificate Wizard, or (5) server name in a tooltip.

Affected (11)

Products: Mumble: Mumble
Mumble
1 product
Mumble
Configuration A
11 vulnerable
Vulnerable SoftwareAffected Versions
Mumble
Mumble
Version 1.2.0
Mumble
Version 1.2.1
Mumble
Version 1.2.2
Mumble
Version 1.2.3
Mumble
Version 1.2.3 rc1
Mumble
Version 1.2.3 rc2
Mumble
Version 1.2.3 rc3
Mumble
Version 1.2.4
Mumble
Version 1.2.4 beta1
Mumble
Version 1.2.4 rc1
Mumble
Version 1.2.5

Related CWEs

CWE-19
CWE-19

References (8)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.