CVE-2014-8100

Loading...

General

Score:6.5/10.0
Severity:Medium
Category:Buffer Error
Exploit:Available

Impact Metrics

Confidentiality:Partial
Integrity:Partial
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:Single

Relative vulnerabilities

CVE-2013-6424, CVE-2014-8091, CVE-2014-8092, CVE-2014-8093, CVE-2014-8094, CVE-2014-8095, CVE-2014-8096, CVE-2014-8097, CVE-2014-8098, CVE-2014-8099, CVE-2014-8101, CVE-2014-8102, CVE-2014-8103

Published on 10/12/14 - Updated on 03/01/17

Description

The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcRenderQueryVersion, (2) SProcRenderQueryVersion, (3) SProcRenderQueryPictFormats, (4) SProcRenderQueryPictIndexValues, (5) SProcRenderCreatePicture, (6) SProcRenderChangePicture, (7) SProcRenderSetPictureClipRectangles, (8) SProcRenderFreePicture, (9) SProcRenderComposite, (10) SProcRenderScale, (11) SProcRenderCreateGlyphSet, (12) SProcRenderReferenceGlyphSet, (13) SProcRenderFreeGlyphSet, (14) SProcRenderFreeGlyphs, or (15) SProcRenderCompositeGlyphs function.

Category: Buffer Error

CWE-119 (Buffer Errors)
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Security Notices

US National Vulnerability DatabaseCVE-2014-8100
Amazon Linux ALAS-2015-470
Arch Linux ASA-201412-14
CentOS CESA-2014:1982, CESA-2014:1983
Debian DSA-3095-1
Debian LTSDLA-120-1
Oracle Linux ELSA-2014-1982, ELSA-2014-1983
Redhat RHSA-2014:1982, RHSA-2014:1983
SUSE SUSE-SU-2015:0045, SUSE-SU-2015:0047
Ubuntu USN-2436-1

Exploits

SecurityFocusBID-71602

Relative technologies

VendorProduct
x.orgx11
x.orgxfree86
x.orgxorg-server

Share this vulnerability with:

Twitter Facebook LinkedIn Mail