CVE-2014-8099: Buffer Overflow
First published: Wed Dec 10 2014(Updated: )
The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXvQueryExtension, (2) SProcXvQueryAdaptors, (3) SProcXvQueryEncodings, (4) SProcXvGrabPort, (5) SProcXvUngrabPort, (6) SProcXvPutVideo, (7) SProcXvPutStill, (8) SProcXvGetVideo, (9) SProcXvGetStill, (10) SProcXvPutImage, (11) SProcXvShmPutImage, (12) SProcXvSelectVideoNotify, (13) SProcXvSelectPortNotify, (14) SProcXvStopVideo, (15) SProcXvSetPortAttribute, (16) SProcXvGetPortAttribute, (17) SProcXvQueryBestSize, (18) SProcXvQueryPortAttributes, (19) SProcXvQueryImageAttributes, or (20) SProcXvListImageFormats function.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| X.org X.org | =6.7 | |
| Ubuntu X Server Legacy | <=1.16.2.99.901 | |
| XFree86 | =4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://advisories.mageia.org/MGASA-2014-0532.html
- http://secunia.com/advisories/61947
- http://secunia.com/advisories/62292
- http://www.debian.org/security/2014/dsa-3095
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:119
- http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
- http://www.securityfocus.com/bid/71600
- http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/
- https://security.gentoo.org/glsa/201504-06
Frequently Asked Questions
What is the severity of CVE-2014-8099?
CVE-2014-8099 has been classified as a high severity vulnerability due to its potential to cause denial of service or execute arbitrary code.
How do I fix CVE-2014-8099?
To resolve CVE-2014-8099, upgrade to X.Org Server version 1.16.3 or later.
What systems are affected by CVE-2014-8099?
CVE-2014-8099 affects XFree86 4.0, X.org X11 version 6.7, and X.Org Server prior to version 1.16.3.
Can CVE-2014-8099 be exploited remotely?
Yes, CVE-2014-8099 can be exploited by remote authenticated users.
What type of vulnerability is CVE-2014-8099?
CVE-2014-8099 is primarily an out-of-bounds read or write vulnerability leading to denial of service.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/remedy
- agent/references
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/x.org
- canonical/x.org x.org
- version/x.org x.org/6.7
- canonical/ubuntu x server legacy
- version/ubuntu x server legacy/1.16.2.99.901
- canonical/xfree86
- version/xfree86/4.0