The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mumble | Mumble | * | 1.2.5 (including) |
| Mumble | Mumble | 1.2.0 (including) | 1.2.0 (including) |
| Mumble | Mumble | 1.2.1 (including) | 1.2.1 (including) |
| Mumble | Mumble | 1.2.2 (including) | 1.2.2 (including) |
| Mumble | Mumble | 1.2.3 (including) | 1.2.3 (including) |
| Mumble | Mumble | 1.2.3-rc1 (including) | 1.2.3-rc1 (including) |
| Mumble | Mumble | 1.2.3-rc2 (including) | 1.2.3-rc2 (including) |
| Mumble | Mumble | 1.2.3-rc3 (including) | 1.2.3-rc3 (including) |
| Mumble | Mumble | 1.2.4 (including) | 1.2.4 (including) |
| Mumble | Mumble | 1.2.4-beta1 (including) | 1.2.4-beta1 (including) |
| Mumble | Mumble | 1.2.4-rc1 (including) | 1.2.4-rc1 (including) |
| Mumble | Ubuntu | lucid | * |
| Mumble | Ubuntu | precise | * |
| Mumble | Ubuntu | quantal | * |
| Mumble | Ubuntu | saucy | * |
| Mumble | Ubuntu | trusty | * |
| Mumble | Ubuntu | upstream | * |