CVE-2014-3756

Name of the Vulnerable Software and Affected Versions Mumble versions 1.2.x through 1.2.5

Description The issue allows remote attackers to cause a denial of service, resulting in hang and resource consumption, by forcing the loading of an external file via a crafted string treated as rich-text by a Qt widget. This can be achieved through various means, including the user or channel name in a Qt dialog, subject common name or email address to the Certificate Wizard, or server name in a tooltip.

Recommendations For Mumble versions 1.2.x through 1.2.5, update to version 1.2.6 or later to resolve the issue.