VDB

GCVE-110-MAGEIA-2014-245

GCVE-110-MAGEIA-2014-245
Advisory Published
Vulnetix · Advisory published May 30, 2014
Updated mumble packages fix security vulnerabilities: In Mumble before 1.2.6, the Mumble client is vulnerable to a Denial of Service attack when rendering crafted SVG files that contain references to files on the local computer, due to an issue in Qt's SVG renderer module. This issue can be triggered remotely by an entity participating in a Mumble voice chat, using text messages, channel comments, user comments and user textures/avatars (CVE-2014-3755). In Mumble before 1.2.6, The Mumble client did not properly HTML-escape some external strings before using them in a rich-text (HTML) context. In some situations, this could be abused to perform a Denial of Service attack on a Mumble client by causing it to load external files via the HTML (CVE-2014-3756).

Affected Products

VendorProductVersionsPlatforms
Mageiamumble0 (affected), 1.2.3-10.1.mga3 (unaffected)
Mageiamumble0 (affected), 1.2.3-14.1.mga4 (unaffected)

Browse GCVE Records

73,053 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›