CVE-2014-8095: Buffer Overflow
First published: Wed Dec 10 2014(Updated: )
The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXChangeDeviceControl, (2) ProcXChangeDeviceControl, (3) ProcXChangeFeedbackControl, (4) ProcXSendExtensionEvent, (5) SProcXIAllowEvents, (6) SProcXIChangeCursor, (7) ProcXIChangeHierarchy, (8) SProcXIGetClientPointer, (9) SProcXIGrabDevice, (10) SProcXIUngrabDevice, (11) ProcXIUngrabDevice, (12) SProcXIPassiveGrabDevice, (13) ProcXIPassiveGrabDevice, (14) SProcXIPassiveUngrabDevice, (15) ProcXIPassiveUngrabDevice, (16) SProcXListDeviceProperties, (17) SProcXDeleteDeviceProperty, (18) SProcXIListProperties, (19) SProcXIDeleteProperty, (20) SProcXIGetProperty, (21) SProcXIQueryDevice, (22) SProcXIQueryPointer, (23) SProcXISelectEvents, (24) SProcXISetClientPointer, (25) SProcXISetFocus, (26) SProcXIGetFocus, or (27) SProcXIWarpPointer function.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Debian GNU/Linux | =7.0 | |
| X.org X.org | =4.0 | |
| X.Org xorg-server | <=1.16.2.99.901 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://advisories.mageia.org/MGASA-2014-0532.html
- http://secunia.com/advisories/61947
- http://secunia.com/advisories/62292
- http://www.debian.org/security/2014/dsa-3095
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:119
- http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://www.securityfocus.com/bid/71599
- http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/
- https://security.gentoo.org/glsa/201504-06
Frequently Asked Questions
What is the severity of CVE-2014-8095?
CVE-2014-8095 is considered a high severity vulnerability due to its potential to cause denial of service or execute arbitrary code.
How do I fix CVE-2014-8095?
To fix CVE-2014-8095, update the X.Org Server to version 1.16.3 or later.
Who is affected by CVE-2014-8095?
CVE-2014-8095 affects users of X.Org Server versions prior to 1.16.3 and specific versions of Debian Linux.
What kind of attack can exploit CVE-2014-8095?
CVE-2014-8095 can be exploited through crafted length or index values leading to out-of-bounds read or write operations.
Are there any known exploits for CVE-2014-8095?
While specific exploits are not publicly documented, the vulnerability's characteristics suggest it can be leveraged to execute arbitrary code.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/remedy
- agent/references
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/7.0
- vendor/x.org
- canonical/x.org x.org
- version/x.org x.org/4.0
- canonical/x.org xorg-server
- version/x.org xorg-server/1.16.2.99.901