CVE-2014-8100

10.12.2014, 15:59

The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcRenderQueryVersion, (2) SProcRenderQueryVersion, (3) SProcRenderQueryPictFormats, (4) SProcRenderQueryPictIndexValues, (5) SProcRenderCreatePicture, (6) SProcRenderChangePicture, (7) SProcRenderSetPictureClipRectangles, (8) SProcRenderFreePicture, (9) SProcRenderComposite, (10) SProcRenderScale, (11) SProcRenderCreateGlyphSet, (12) SProcRenderReferenceGlyphSet, (13) SProcRenderFreeGlyphSet, (14) SProcRenderFreeGlyphs, or (15) SProcRenderCompositeGlyphs function.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:S/C:P/I:P/A:P
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 77%

Vendor	Product	Version
x.org	xfree86	4.0.1
x.org	xorg-server	𝑥 ≤ 1.16.2.99.901
x.org	x11	6.7

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

xorg-server

bullseye	2:1.20.11-1+deb11u13 fixed
bullseye (security)	2:1.20.11-1+deb11u14 fixed
bookworm	2:21.1.7-3+deb12u7 fixed
bookworm (security)	2:21.1.7-3+deb12u8 fixed
sid	2:21.1.14-1 fixed
trixie	2:21.1.14-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

xorg-server

utopic	Fixed 2:1.16.0-1ubuntu1.1 released
trusty	Fixed 2:1.15.1-0ubuntu2.4 released
precise	Fixed 2:1.11.4-0ubuntu10.15 released
lucid	ignored

xorg-server-lts-trusty

utopic	dne
trusty	dne
precise	Fixed 2:1.15.1-0ubuntu2~precise3 released
lucid	dne

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://advisories.mageia.org/MGASA-2014-0532.html

http://secunia.com/advisories/61947

http://secunia.com/advisories/62292

http://www.debian.org/security/2014/dsa-3095

http://www.mandriva.com/security/advisories?name=MDVSA-2015:119

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

http://www.securityfocus.com/bid/71602

http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/

https://security.gentoo.org/glsa/201504-06

http://advisories.mageia.org/MGASA-2014-0532.html

http://secunia.com/advisories/61947

http://secunia.com/advisories/62292

http://www.debian.org/security/2014/dsa-3095

http://www.mandriva.com/security/advisories?name=MDVSA-2015:119

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

http://www.securityfocus.com/bid/71602

http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/

https://security.gentoo.org/glsa/201504-06