CVE-2014-8100: Buffer Overflow
First published: Wed Dec 10 2014(Updated: )
The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcRenderQueryVersion, (2) SProcRenderQueryVersion, (3) SProcRenderQueryPictFormats, (4) SProcRenderQueryPictIndexValues, (5) SProcRenderCreatePicture, (6) SProcRenderChangePicture, (7) SProcRenderSetPictureClipRectangles, (8) SProcRenderFreePicture, (9) SProcRenderComposite, (10) SProcRenderScale, (11) SProcRenderCreateGlyphSet, (12) SProcRenderReferenceGlyphSet, (13) SProcRenderFreeGlyphSet, (14) SProcRenderFreeGlyphs, or (15) SProcRenderCompositeGlyphs function.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| XFree86 | =4.0.1 | |
| Ubuntu X Server Legacy | <=1.16.2.99.901 | |
| X.org X.org | =6.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://advisories.mageia.org/MGASA-2014-0532.html
- http://secunia.com/advisories/61947
- http://secunia.com/advisories/62292
- http://www.debian.org/security/2014/dsa-3095
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:119
- http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://www.securityfocus.com/bid/71602
- http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/
- https://security.gentoo.org/glsa/201504-06
Frequently Asked Questions
What is the severity of CVE-2014-8100?
CVE-2014-8100 has a high severity rating as it can lead to denial of service or arbitrary code execution.
How do I fix CVE-2014-8100?
To fix CVE-2014-8100, upgrade XFree86 or X.Org server to the latest stable version beyond the affected versions.
Who is affected by CVE-2014-8100?
Users of XFree86 version 4.0.1, X.Org X Window System up to version 1.16.2.99.901, and X.org version 6.7 are affected by CVE-2014-8100.
What types of attacks are possible with CVE-2014-8100?
CVE-2014-8100 allows for denial of service attacks through out-of-bounds read or write vulnerabilities and possible execution of arbitrary code.
Is CVE-2014-8100 a remote or local vulnerability?
CVE-2014-8100 is a vulnerability that can be exploited by remote authenticated users.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/remedy
- agent/references
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/x.org
- canonical/xfree86
- version/xfree86/4.0.1
- canonical/ubuntu x server legacy
- version/ubuntu x server legacy/1.16.2.99.901
- canonical/x.org x.org
- version/x.org x.org/6.7