Vulnerability Description
The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overflow.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnome | Vala | 0.26.0 |
| Opensuse | Opensuse | 13.2 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-updates/2015-01/msg00069.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1177840Patch
- https://bugzilla.redhat.com/show_bug.cgi?id=1181404
- http://lists.opensuse.org/opensuse-updates/2015-01/msg00069.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1177840Patch
- https://bugzilla.redhat.com/show_bug.cgi?id=1181404
FAQ
What is CVE-2014-8154?
CVE-2014-8154 is a vulnerability with a CVSS score of 7.5 (HIGH). The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash)...
How severe is CVE-2014-8154?
CVE-2014-8154 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-8154?
Check the references section above for vendor advisories and patch information. Affected products include: Gnome Vala, Opensuse Opensuse.