CVE-2014-8100
10.12.2014, 15:59
The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcRenderQueryVersion, (2) SProcRenderQueryVersion, (3) SProcRenderQueryPictFormats, (4) SProcRenderQueryPictIndexValues, (5) SProcRenderCreatePicture, (6) SProcRenderChangePicture, (7) SProcRenderSetPictureClipRectangles, (8) SProcRenderFreePicture, (9) SProcRenderComposite, (10) SProcRenderScale, (11) SProcRenderCreateGlyphSet, (12) SProcRenderReferenceGlyphSet, (13) SProcRenderFreeGlyphSet, (14) SProcRenderFreeGlyphs, or (15) SProcRenderCompositeGlyphs function.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| x.org | xfree86 | 4.0.1 |
| x.org | x_server | 𝑥 ≤ 1.16.2.99.901 |
| x.org | x11 | 6.7 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
Red Hat Enterprise Linux Releases
Red Hat Product | |||||
|---|---|---|---|---|---|
| xorg-x11-server-Xdmx |
| ||||
| xorg-x11-server-Xephyr |
| ||||
| xorg-x11-server-Xnest |
| ||||
| xorg-x11-server-Xorg |
| ||||
| xorg-x11-server-Xvfb |
| ||||
| xorg-x11-server-common |
| ||||
| xorg-x11-server-devel |
| ||||
| xorg-x11-server-source |
|
Common Weakness Enumeration
References