CVE-2014-3755 - Vulnerability Details - OpenCVE

The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.0112.

Key SSVC decision points have not yet been added.

Vendors	Products
Mumble	Mumble

Configuration 1 [-]

OR	cpe:2.3:a:mumble:mumble::::::::
	cpe:2.3:a:mumble:mumble:1.2.0:::::::*
	cpe:2.3:a:mumble:mumble:1.2.1:::::::*
	cpe:2.3:a:mumble:mumble:1.2.2:::::::*
	cpe:2.3:a:mumble:mumble:1.2.3:::::::*
	cpe:2.3:a:mumble:mumble:1.2.3:rc1::::::
	cpe:2.3:a:mumble:mumble:1.2.3:rc2::::::
	cpe:2.3:a:mumble:mumble:1.2.3:rc3::::::
	cpe:2.3:a:mumble:mumble:1.2.4:::::::*
	cpe:2.3:a:mumble:mumble:1.2.4:beta1::::::
	cpe:2.3:a:mumble:mumble:1.2.4:rc1::::::

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2014-3694	The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://mumble.info/security/Mumble-SA-2014-005.txt
http://www.openwall.com/lists/oss-security/2014/05/15/1
http://www.openwall.com/lists/oss-security/2014/05/15/4
http://www.securityfocus.com/bid/67400
https://qt.gitorious.org/qt/mumble-developers-qt/commit/2147fa767980fe27a14f018b1528dbf880b96814

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-11-16T11:00:00

Updated: 2024-08-06T10:57:16.137Z

Reserved: 2014-05-14T00:00:00

Link: CVE-2014-3755

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-11-16T11:59:02.853

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-3755

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-05-14T00:00:00", "descriptions": [{"lang": "en", "value": "The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-11-16T04:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://mumble.info/security/Mumble-SA-2014-005.txt"}, {"tags": ["x_refsource_MISC"], "url": "https://qt.gitorious.org/qt/mumble-developers-qt/commit/2147fa767980fe27a14f018b1528dbf880b96814"}, {"name": "[oss-security] 20140514 Re: Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/05/15/4"}, {"name": "[oss-security] 20140515 Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/05/15/1"}, {"name": "67400", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/67400"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3755", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://mumble.info/security/Mumble-SA-2014-005.txt", "refsource": "CONFIRM", "url": "http://mumble.info/security/Mumble-SA-2014-005.txt"}, {"name": "https://qt.gitorious.org/qt/mumble-developers-qt/commit/2147fa767980fe27a14f018b1528dbf880b96814", "refsource": "MISC", "url": "https://qt.gitorious.org/qt/mumble-developers-qt/commit/2147fa767980fe27a14f018b1528dbf880b96814"}, {"name": "[oss-security] 20140514 Re: Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/05/15/4"}, {"name": "[oss-security] 20140515 Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/05/15/1"}, {"name": "67400", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67400"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:57:16.137Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://mumble.info/security/Mumble-SA-2014-005.txt"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://qt.gitorious.org/qt/mumble-developers-qt/commit/2147fa767980fe27a14f018b1528dbf880b96814"}, {"name": "[oss-security] 20140514 Re: Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/05/15/4"}, {"name": "[oss-security] 20140515 Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/05/15/1"}, {"name": "67400", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/67400"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-3755", "datePublished": "2014-11-16T11:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:57:16.137Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mumble:mumble:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC850AD0-C5D7-411F-85EC-7D8586D53828", "versionEndIncluding": "1.2.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mumble:mumble:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "980EAE3E-CB6A-4859-BA0E-BD59F3C0CB7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:mumble:mumble:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "97FA20D9-BD99-4B11-97B5-A37B8FBFC3AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:mumble:mumble:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "D3836E7A-B841-477D-9740-070C995722B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:mumble:mumble:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "F5668D3D-66DC-48E5-B2A5-B419ED0921D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mumble:mumble:1.2.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "0DCF3E24-3114-4C9E-BA64-72F10E2825FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:mumble:mumble:1.2.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "B4179BE7-916D-4235-957F-67266B986D28", "vulnerable": true}, {"criteria": "cpe:2.3:a:mumble:mumble:1.2.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "720F26B9-457E-49D0-9CA4-0F9F2EA21CD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mumble:mumble:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "A0141BB8-B42D-49BD-88AE-FD8A8F229600", "vulnerable": true}, {"criteria": "cpe:2.3:a:mumble:mumble:1.2.4:beta1:*:*:*:*:*:*", "matchCriteriaId": "E2279EAF-18B7-401F-A2A8-ED7DC85A2E8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mumble:mumble:1.2.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "745438C8-081F-45FD-B5D6-CF2FE8C48314", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file."}, {"lang": "es", "value": "El modulo QSvg en Qt, usado en Mumble client 1.2.x anterior a 1.2.6, permite a atacantes remotos causar una denegaci\u00f3n de servicio (cuelgue y el consumo de recursos)a trav\u00e9s de la referencia de un archivo local en (1) una etiqueta de imagen o (2)en una hoja de estilos XML dentro de un archivo SVG."}], "id": "CVE-2014-3755", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-11-16T11:59:02.853", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://mumble.info/security/Mumble-SA-2014-005.txt"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2014/05/15/1"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2014/05/15/4"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/67400"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://qt.gitorious.org/qt/mumble-developers-qt/commit/2147fa767980fe27a14f018b1528dbf880b96814"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://mumble.info/security/Mumble-SA-2014-005.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/05/15/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/05/15/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/67400"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://qt.gitorious.org/qt/mumble-developers-qt/commit/2147fa767980fe27a14f018b1528dbf880b96814"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}