CVE-2014-8099

MEDIUM

Description

The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXvQueryExtension, (2) SProcXvQueryAdaptors, (3) SProcXvQueryEncodings, (4) SProcXvGrabPort, (5) SProcXvUngrabPort, (6) SProcXvPutVideo, (7) SProcXvPutStill, (8) SProcXvGetVideo, (9) SProcXvGetStill, (10) SProcXvPutImage, (11) SProcXvShmPutImage, (12) SProcXvSelectVideoNotify, (13) SProcXvSelectPortNotify, (14) SProcXvStopVideo, (15) SProcXvSetPortAttribute, (16) SProcXvGetPortAttribute, (17) SProcXvQueryBestSize, (18) SProcXvQueryPortAttributes, (19) SProcXvQueryImageAttributes, or (20) SProcXvListImageFormats function.

References

http://advisories.mageia.org/MGASA-2014-0532.html

http://secunia.com/advisories/61947

http://secunia.com/advisories/62292

http://www.debian.org/security/2014/dsa-3095

http://www.mandriva.com/security/advisories?name=MDVSA-2015:119

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

http://www.securityfocus.com/bid/71600

http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/

https://security.gentoo.org/glsa/201504-06

Details

Source: MITRE

Published: 2014-12-10

Updated: 2017-01-03

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 6.5

Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P)

Impact Score: 6.4

Exploitability Score: 8

Severity: MEDIUM