CVE-2014-8094


General

Score: 6.5/10.0
Severity: Medium
Category: Numeric Error

Impact Metrics

Confidentiality: Partial
Integrity: Partial
Availability: Partial

Exploitability Metrics

Access Vector: Network
Access Complexity: Low
Authentication: Single

Related vulnerabilities

CVE-2014-8091, CVE-2014-8092, CVE-2014-8093, CVE-2014-8095, CVE-2014-8096, CVE-2014-8097, CVE-2014-8098, CVE-2014-8099, CVE-2014-8100, CVE-2014-8101, CVE-2014-8102, CVE-2014-8103

Published on 10/12/14 - Updated on 03/01/17

Description

Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, which triggers an out-of-bounds read or write.

Category: Numeric Error

CWE-190 (Integer Overflow or Wraparound)
The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

Security Notices

US National Vulnerability Database CVE-2014-8094
Amazon Linux ALAS-2015-470
Arch Linux ASA-201412-14
CentOS CESA-2014:1983
Debian DSA-3095-1
Debian LTS DLA-120-1
Oracle Linux ELSA-2014-1983
Redhat RHSA-2014:1983
SUSE SUSE-SU-2015:0045, SUSE-SU-2015:0047
Ubuntu USN-2436-1

Exploits

No exploits available for this CVE in our database.

Related technologies

Vendor    Product
debian    debian_linux
oracle    solaris
x.org     xorg-server
