oss-sec mailing list archives
Re: Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006
From: cve-assign () mitre org
Date: Wed, 14 May 2014 23:17:22 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mumble-SA-2014-005 [http://mumble.info/security/Mumble-SA-2014-005.txt] - SVG images with local file references could trigger client DoS
Qt's QSvg module's SVG renderer will follow file references found in SVG's image tag and XML stylesheet references. For image tags, Qt tries to load the referenced file using QImage's constructor that takes a file path. Further processing is then delegated to an image format plugin. For XML stylsheets, Qt will attempt to open the referenced file using QFile followed by a call to the readAll(), which will read the file until EOF. These two possibilities makes it easy to cause a Mumble client to hang
Use CVE-2014-3755.
Mumble-SA-2014-006 [http://mumble.info/security/Mumble-SA-2014-006.txt] - The Mumble client did not properly HTML-escape some external strings before using them in a rich-text (HTML) context.
By default, many Qt widgets sniff their text content to determine whether or not to use to render the text as HTML. However, in some places, the Mumble client neglected to properly escape external strings when used rich-text enabled Qt widgets.
Use CVE-2014-3756. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTdDFtAAoJEKllVAevmvmsEJkIAIU2hoalUJixp8Wmpyqg0SvI t12IioHB0evU+BbyuOVDFdIUDD4KMo8OuKtMZGlvX1SWdgTUbhQo0wZ/3potGmjs c7Df8+RZD3Zp8Ajn550vv/3mG1kQc+TPDOoBiiaDDpIErH39SPL1rHzUTIMm7GXD BH3iOdsmS8PgO76pM3RLwAo07hlvvkPdXl4C0BqL7Ng6vJ2bCgdYLcYRQaVrPsbb ZrZR4SUxAQ0U+/9zOz7LMMZB3oAwfTaqviqONMWZuxdENlNgzlESr3Y5lFtgkwVT l3dHzZvcODnZcgbj7aCGAAh7gbaE4NmqiZkQA7q9xeVopl+8zg5eTZq6bNF+4zk= =8lvm -----END PGP SIGNATURE-----
Current thread:
- Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006 Mikkel Krautz (May 14)
- Re: Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006 cve-assign (May 14)