CVE-2014-8154
Vala 0.26.0 and 0.26.1 - Heap-Based Buffer Overflow in Gst.MapInfo
Title source: llmDescription
The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overflow.
References (3)
Core 3
Core References
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-01/msg00069.html
Patch x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1177840
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1181404
Scores
EPSS
0.0089
EPSS Percentile
75.8%
Details
CWE
CWE-119
Status
published
Products (3)
gnome/vala
0.26.0
gnome/vala
0.26.1
opensuse/opensuse
13.2
Published
Jan 27, 2015
Tracked Since
Feb 18, 2026