CVE-2014-8154

Name of the Vulnerable Software and Affected Versions Vala versions 0.26.0 through 0.26.1

Description The issue is related to the Gst.MapInfo function in Vala, which uses an incorrect buffer length declaration for the Gstreamer bindings. This allows attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, triggering a heap-based buffer overflow.

Recommendations For Vala versions 0.26.0 and 0.26.1, consider restricting access to the Gst.MapInfo function until a patch is available. As a temporary workaround, avoid using the Gst.MapInfo function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.