CVE-2014-3755 - OpenCVE

The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mumble	Mumble

Configuration 1 [-]

OR	cpe:2.3:a:mumble:mumble::::::::
	cpe:2.3:a:mumble:mumble:1.2.0:::::::*
	cpe:2.3:a:mumble:mumble:1.2.1:::::::*
	cpe:2.3:a:mumble:mumble:1.2.2:::::::*
	cpe:2.3:a:mumble:mumble:1.2.3:::::::*
	cpe:2.3:a:mumble:mumble:1.2.3:rc1::::::
	cpe:2.3:a:mumble:mumble:1.2.3:rc2::::::
	cpe:2.3:a:mumble:mumble:1.2.3:rc3::::::
	cpe:2.3:a:mumble:mumble:1.2.4:::::::*
	cpe:2.3:a:mumble:mumble:1.2.4:beta1::::::
	cpe:2.3:a:mumble:mumble:1.2.4:rc1::::::

No data.

References

Link	Providers
http://mumble.info/security/Mumble-SA-2014-005.txt
http://www.openwall.com/lists/oss-security/2014/05/15/1
http://www.openwall.com/lists/oss-security/2014/05/15/4
http://www.securityfocus.com/bid/67400
https://qt.gitorious.org/qt/mumble-developers-qt/commit/2147fa767980fe27a14f018b1528dbf880b96814

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-11-16T11:00:00

Updated: 2024-08-06T10:57:16.137Z

Reserved: 2014-05-14T00:00:00

Link: CVE-2014-3755

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2014-11-16T11:59:02.853

Modified: 2014-11-17T17:38:37.643

Link: CVE-2014-3755

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-05-14T00:00:00", "descriptions": [{"lang": "en", "value": "The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-11-16T04:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://mumble.info/security/Mumble-SA-2014-005.txt"}, {"tags": ["x_refsource_MISC"], "url": "https://qt.gitorious.org/qt/mumble-developers-qt/commit/2147fa767980fe27a14f018b1528dbf880b96814"}, {"name": "[oss-security] 20140514 Re: Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/05/15/4"}, {"name": "[oss-security] 20140515 Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/05/15/1"}, {"name": "67400", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/67400"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3755", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://mumble.info/security/Mumble-SA-2014-005.txt", "refsource": "CONFIRM", "url": "http://mumble.info/security/Mumble-SA-2014-005.txt"}, {"name": "https://qt.gitorious.org/qt/mumble-developers-qt/commit/2147fa767980fe27a14f018b1528dbf880b96814", "refsource": "MISC", "url": "https://qt.gitorious.org/qt/mumble-developers-qt/commit/2147fa767980fe27a14f018b1528dbf880b96814"}, {"name": "[oss-security] 20140514 Re: Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/05/15/4"}, {"name": "[oss-security] 20140515 Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/05/15/1"}, {"name": "67400", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67400"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:57:16.137Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://mumble.info/security/Mumble-SA-2014-005.txt"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://qt.gitorious.org/qt/mumble-developers-qt/commit/2147fa767980fe27a14f018b1528dbf880b96814"}, {"name": "[oss-security] 20140514 Re: Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/05/15/4"}, {"name": "[oss-security] 20140515 Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/05/15/1"}, {"name": "67400", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/67400"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-3755", "datePublished": "2014-11-16T11:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:57:16.137Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mumble:mumble:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC850AD0-C5D7-411F-85EC-7D8586D53828", "versionEndIncluding": "1.2.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mumble:mumble:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "980EAE3E-CB6A-4859-BA0E-BD59F3C0CB7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:mumble:mumble:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "97FA20D9-BD99-4B11-97B5-A37B8FBFC3AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:mumble:mumble:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "D3836E7A-B841-477D-9740-070C995722B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:mumble:mumble:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "F5668D3D-66DC-48E5-B2A5-B419ED0921D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mumble:mumble:1.2.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "0DCF3E24-3114-4C9E-BA64-72F10E2825FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:mumble:mumble:1.2.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "B4179BE7-916D-4235-957F-67266B986D28", "vulnerable": true}, {"criteria": "cpe:2.3:a:mumble:mumble:1.2.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "720F26B9-457E-49D0-9CA4-0F9F2EA21CD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mumble:mumble:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "A0141BB8-B42D-49BD-88AE-FD8A8F229600", "vulnerable": true}, {"criteria": "cpe:2.3:a:mumble:mumble:1.2.4:beta1:*:*:*:*:*:*", "matchCriteriaId": "E2279EAF-18B7-401F-A2A8-ED7DC85A2E8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mumble:mumble:1.2.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "745438C8-081F-45FD-B5D6-CF2FE8C48314", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file."}, {"lang": "es", "value": "El modulo QSvg en Qt, usado en Mumble client 1.2.x anterior a 1.2.6, permite a atacantes remotos causar una denegaci\u00f3n de servicio (cuelgue y el consumo de recursos)a trav\u00e9s de la referencia de un archivo local en (1) una etiqueta de imagen o (2)en una hoja de estilos XML dentro de un archivo SVG."}], "id": "CVE-2014-3755", "lastModified": "2014-11-17T17:38:37.643", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-11-16T11:59:02.853", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://mumble.info/security/Mumble-SA-2014-005.txt"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2014/05/15/1"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2014/05/15/4"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/67400"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://qt.gitorious.org/qt/mumble-developers-qt/commit/2147fa767980fe27a14f018b1528dbf880b96814"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}