Jump to:

CVE-2014-8154

Jump to:

CVE-2014-8154

Package vala updated to version 0.26.2-alt1 for branch sisyphus in task 138475.

Published: 2015-01-27
Modified: 2024-11-21

CVE-2014-8154

The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overflow.

Severity: HIGH (7.5)

References:

openSUSE-SU-2015:0131
openSUSE-SU-2015:0131
https://bugzilla.redhat.com/show_bug.cgi?id=1177840
https://bugzilla.redhat.com/show_bug.cgi?id=1177840
https://bugzilla.redhat.com/show_bug.cgi?id=1181404
https://bugzilla.redhat.com/show_bug.cgi?id=1181404

Version: 2.1.0

Package vala update in sisyphus on 2015-01-15

ALT-PU-2015-1036-1

Closed vulnerabilities

CVE-2014-8154