CVE-2014-2892

Name of the Vulnerable Software and Affected Versions libmms versions prior to 0.6.4

Description The issue is related to a heap-based buffer overflow in the get answer function in mmsh.c in libmms. This allows remote attackers to execute arbitrary code via a long line in an MMS over HTTP (MMSH) server response. Multiple vulnerabilities in the libmms package may lead to breaches of confidentiality, integrity, and availability of protected information, and these vulnerabilities can be exploited remotely.

Recommendations For libmms versions prior to 0.6.4, update to version 0.6.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the get answer function in mmsh.c until a patch is available.