VYPR
← All advisories
Unrated severityNVD Advisory· Published Feb 8, 2014· Updated Apr 29, 2026

CVE-2014-0045

CVE-2014-0045

Description

The needSamples method in AudioOutputSpeech.cpp in the client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots, Mumble for iOS 1.1 through 1.2.2, and MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d does not check the return value of the opus_decode_float function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Opus voice packet, which triggers an error in opus_decode_float, a conversion of a negative integer to an unsigned integer, and a heap-based buffer over-read and over-write.

Affected products

11
  • Light Speed Gaming/Mumble10 versions
    cpe:2.3:a:light_speed_gaming:mumble:1.1.1:*:*:*:*:iphone_os:*:*+ 9 more
    • cpe:2.3:a:light_speed_gaming:mumble:1.1.1:*:*:*:*:iphone_os:*:*
    • cpe:2.3:a:light_speed_gaming:mumble:1.1:*:*:*:*:iphone_os:*:*
    • cpe:2.3:a:light_speed_gaming:mumble:1.1:rc1:*:*:*:iphone_os:*:*
    • cpe:2.3:a:light_speed_gaming:mumble:1.2.1:*:*:*:*:iphone_os:*:*
    • cpe:2.3:a:light_speed_gaming:mumble:1.2.2:*:*:*:*:iphone_os:*:*
    • cpe:2.3:a:light_speed_gaming:mumble:1.2.3:rc1:*:*:*:*:*:*
    • cpe:2.3:a:light_speed_gaming:mumble:1.2.3:rc2:*:*:*:*:*:*
    • cpe:2.3:a:light_speed_gaming:mumble:1.2.3:rc3:*:*:*:*:*:*
    • cpe:2.3:a:light_speed_gaming:mumble:1.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:light_speed_gaming:mumble:1.2:*:*:*:*:iphone_os:*:*
  • Light Speed Gaming/Mumblekit
    cpe:2.3:a:light_speed_gaming:mumblekit:-:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

7

News mentions

0

No linked articles in our index yet.