CVE-2014-3970 | Vulnerability Database | Aqua Security

The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet.

Affected Software

Name	Vendor	Start Version	End Version
Pulseaudio	Pulseaudio	1.0 (including)	1.0 (including)
Pulseaudio	Pulseaudio	1.1 (including)	1.1 (including)
Pulseaudio	Pulseaudio	1.99.1 (including)	1.99.1 (including)
Pulseaudio	Pulseaudio	1.99.2 (including)	1.99.2 (including)
Pulseaudio	Pulseaudio	2.0 (including)	2.0 (including)
Pulseaudio	Pulseaudio	2.1 (including)	2.1 (including)
Pulseaudio	Pulseaudio	3.0 (including)	3.0 (including)
Pulseaudio	Pulseaudio	4.0 (including)	4.0 (including)
Pulseaudio	Pulseaudio	5.0 (including)	5.0 (including)

References

http://advisories.mageia.org/MGASA-2014-0440.html
http://lists.freedesktop.org/archives/pulseaudio-discuss/2014-May/020740.html
http://seclists.org/oss-sec/2014/q2/429
http://seclists.org/oss-sec/2014/q2/437
http://secunia.com/advisories/60624
http://www.mandriva.com/security/advisories?name=MDVSA-2015:134
http://www.securityfocus.com/bid/67814

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-3970
CWE	https://cwe.mitre.org/data/definitions/.html