Lucene search

[email protected]CVE-2014-8100

HistoryDec 10, 2014 - 3:59 p.m.

CVE-2014-8100

2014-12-1015:59:13

CWE-119

[email protected]

web.nvd.nist.gov

x.org

x window system

x11

x11r6.7

x.org server

cve-2014-8100

security

vulnerability

denial of service

remote code execution

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.7 High

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.3%

JSON

The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcRenderQueryVersion, (2) SProcRenderQueryVersion, (3) SProcRenderQueryPictFormats, (4) SProcRenderQueryPictIndexValues, (5) SProcRenderCreatePicture, (6) SProcRenderChangePicture, (7) SProcRenderSetPictureClipRectangles, (8) SProcRenderFreePicture, (9) SProcRenderComposite, (10) SProcRenderScale, (11) SProcRenderCreateGlyphSet, (12) SProcRenderReferenceGlyphSet, (13) SProcRenderFreeGlyphSet, (14) SProcRenderFreeGlyphs, or (15) SProcRenderCompositeGlyphs function.

Affected configurations

NVD

Node

x.orgxfree86Match4.0.1

Node

x.orgxorg-serverRange≤1.16.2.99.901

Node

x.orgx11Match6.7

CPENameOperatorVersion
x.org:xfree86x.org xfree86eq4.0.1

CPE	Name	Operator	Version
x.org:xfree86	x.org xfree86	eq	4.0.1

References

advisories.mageia.org/MGASA-2014-0532.html

secunia.com/advisories/61947

secunia.com/advisories/62292

www.debian.org/security/2014/dsa-3095

www.mandriva.com/security/advisories?name=MDVSA-2015:119

www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

www.securityfocus.com/bid/71602

www.x.org/wiki/Development/Security/Advisory-2014-12-09/

security.gentoo.org/glsa/201504-06

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.7 High

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.3%

JSON

Related for CVE-2014-8100

veracode1 nvd1 ubuntucve1 cvelist1 prion1 debiancve1 nessus22 redhat2 centos2 openvas15 freebsd1 osv1 ibm1 amazon1 securityvulns2 oraclelinux2 suse1 mageia1 debian2 slackware1 ubuntu1 archlinux1 gentoo1 fedora3 oracle1