Published: 27/01/2015 Updated: 30/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent malicious users to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overflow.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnome vala 0.26.1
gnome vala 0.26.0
opensuse opensuse 13.2

Debian Bug report logs - #775913 vala-026: CVE-2014-8154: Heap-buffer overflow in vala-gstreamer bindings at GstMapInfo() Package: src:vala-026; Maintainer for src:vala-026 is Maintainers of Vala packages <pkg-vala-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: We ...

The GstMapInfo function in Vala 0260 and 0261 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overflow ...

CWE-119 https://bugzilla.redhat.com/show_bug.cgi?id=1181404 http://lists.opensuse.org/opensuse-updates/2015-01/msg00069.html https://bugzilla.redhat.com/show_bug.cgi?id=1177840 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775913 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2014-8154

CVE-2014-8154

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect