CVE-2014-8100

EUVD-2014-7947

10.12.2014, 15:59

The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcRenderQueryVersion, (2) SProcRenderQueryVersion, (3) SProcRenderQueryPictFormats, (4) SProcRenderQueryPictIndexValues, (5) SProcRenderCreatePicture, (6) SProcRenderChangePicture, (7) SProcRenderSetPictureClipRectangles, (8) SProcRenderFreePicture, (9) SProcRenderComposite, (10) SProcRenderScale, (11) SProcRenderCreateGlyphSet, (12) SProcRenderReferenceGlyphSet, (13) SProcRenderFreeGlyphSet, (14) SProcRenderFreeGlyphs, or (15) SProcRenderCompositeGlyphs function.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:S/C:P/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 79%

Affected Products (NVD)

Vendor	Product	Version
x.org	xfree86	4.0.1
x.org	x_server	𝑥 ≤ 1.16.2.99.901
x.org	x11	6.7

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

xorg-server

bookworm	2:21.1.7-3+deb12u7 fixed
bookworm (security)	2:21.1.7-3+deb12u8 fixed
bullseye	2:1.20.11-1+deb11u13 fixed
bullseye (security)	2:1.20.11-1+deb11u14 fixed
sid	2:21.1.14-1 fixed
trixie	2:21.1.14-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

xorg-server

lucid	ignored
precise	Fixed 2:1.11.4-0ubuntu10.15 released
trusty	Fixed 2:1.15.1-0ubuntu2.4 released
utopic	Fixed 2:1.16.0-1ubuntu1.1 released

xorg-server-lts-trusty

lucid	dne
precise	Fixed 2:1.15.1-0ubuntu2~precise3 released
trusty	dne
utopic	dne

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://advisories.mageia.org/MGASA-2014-0532.html

http://secunia.com/advisories/61947

http://secunia.com/advisories/62292

http://www.debian.org/security/2014/dsa-3095

http://www.mandriva.com/security/advisories?name=MDVSA-2015:119

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

http://www.securityfocus.com/bid/71602

http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/

https://security.gentoo.org/glsa/201504-06

http://advisories.mageia.org/MGASA-2014-0532.html

http://secunia.com/advisories/61947

http://secunia.com/advisories/62292

http://www.debian.org/security/2014/dsa-3095

http://www.mandriva.com/security/advisories?name=MDVSA-2015:119

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

http://www.securityfocus.com/bid/71602

http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/

https://security.gentoo.org/glsa/201504-06