Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-3755

The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file.

Related bugs and status

CVE-2014-3755 (Candidate) is related to these bugs:

Bug #1335597: CVE-2014-3755 and CVE-2014-3756

		In	Importance	Status
1335597	CVE-2014-3755 and CVE-2014-3756	mumble (Ubuntu)	Undecided	Fix Released
1335597	CVE-2014-3755 and CVE-2014-3756	mumble (Debian)	Unknown	Fix Released
1335597	CVE-2014-3755 and CVE-2014-3756	mumble (Ubuntu Utopic)	Undecided	Fix Released
1335597	CVE-2014-3755 and CVE-2014-3756	mumble (Ubuntu Trusty)	Undecided	Fix Released
1335597	CVE-2014-3755 and CVE-2014-3756	mumble (Ubuntu Precise)	Undecided	Won't Fix
1335597	CVE-2014-3755 and CVE-2014-3756	mumble (Ubuntu Saucy)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2014051...
MLIST: [oss-security] 2014051...
MISC: https://qt.gitorious.o...
CONFIRM: http://mumble.info/sec...
BID: 67400