CVE-2014-8100

MEDIUM

Description

The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcRenderQueryVersion, (2) SProcRenderQueryVersion, (3) SProcRenderQueryPictFormats, (4) SProcRenderQueryPictIndexValues, (5) SProcRenderCreatePicture, (6) SProcRenderChangePicture, (7) SProcRenderSetPictureClipRectangles, (8) SProcRenderFreePicture, (9) SProcRenderComposite, (10) SProcRenderScale, (11) SProcRenderCreateGlyphSet, (12) SProcRenderReferenceGlyphSet, (13) SProcRenderFreeGlyphSet, (14) SProcRenderFreeGlyphs, or (15) SProcRenderCompositeGlyphs function.

References

http://advisories.mageia.org/MGASA-2014-0532.html

http://secunia.com/advisories/61947

http://secunia.com/advisories/62292

http://www.debian.org/security/2014/dsa-3095

http://www.mandriva.com/security/advisories?name=MDVSA-2015:119

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

http://www.securityfocus.com/bid/71602

http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/

https://security.gentoo.org/glsa/201504-06

Details

Source: MITRE

Published: 2014-12-10

Updated: 2017-01-03

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 6.5

Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P)

Impact Score: 6.4

Exploitability Score: 8

Severity: MEDIUM