Vulnerability CVE-2014-3755


Published: 2014-11-16

Description:
The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file.

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Mumble -> Mumble 

 References:
https://qt.gitorious.org/qt/mumble-developers-qt/commit/2147fa767980fe27a14f018b1528dbf880b96814
http://www.securityfocus.com/bid/67400
http://www.openwall.com/lists/oss-security/2014/05/15/4
http://www.openwall.com/lists/oss-security/2014/05/15/1
http://mumble.info/security/Mumble-SA-2014-005.txt

Copyright 2024, cxsecurity.com

 

Back to Top