CVE-2014-8103

X.Org Server (aka xserver and xorg-server) 1.15.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) sproc_dri3_query_version, (2) sproc_dri3_open, (3) sproc_dri3_pixmap_from_buffer, (4) sproc_dri3_buffer_from_pixmap, (5) sproc_dri3_fence_from_fd, (6) sproc_dri3_fd_from_fence, (7) proc_present_query_capabilities, (8) sproc_present_query_version, (9) sproc_present_pixmap, (10) sproc_present_notify_msc, (11) sproc_present_select_input, or (12) sproc_present_query_capabilities function in the (a) DRI3 or (b) Present extension.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
VendorProductVersion
x.orgxorg-server
1.15.0
x.orgxorg-server
1.15.0.901
x.orgxorg-server
1.15.1
x.orgxorg-server
1.15.2
x.orgxorg-server
1.15.99.901
x.orgxorg-server
1.15.99.902
x.orgxorg-server
1.15.99.903
x.orgxorg-server
1.15.99.904
x.orgxorg-server
1.16.0
x.orgxorg-server
1.16.0.901
x.orgxorg-server
1.16.1
x.orgxorg-server
1.16.1.901
x.orgxorg-server
1.16.2
x.orgxorg-server
1.16.2.99.901
x.orgxorg-server
1.16.2.901
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xorg-server
bullseye
2:1.20.11-1+deb11u13
fixed
wheezy
not-affected
squeeze
not-affected
bullseye (security)
2:1.20.11-1+deb11u14
fixed
bookworm
2:21.1.7-3+deb12u7
fixed
bookworm (security)
2:21.1.7-3+deb12u8
fixed
sid
2:21.1.14-1
fixed
trixie
2:21.1.14-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xorg-server
utopic
Fixed 2:1.16.0-1ubuntu1.1
released
trusty
Fixed 2:1.15.1-0ubuntu2.4
released
precise
Fixed 2:1.11.4-0ubuntu10.15
released
lucid
ignored
xorg-server-lts-trusty
utopic
dne
trusty
dne
precise
Fixed 2:1.15.1-0ubuntu2~precise3
released
lucid
dne
Common Weakness Enumeration
References
http://secunia.com/advisories/61947
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/
https://security.gentoo.org/glsa/201504-06
http://secunia.com/advisories/61947
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/
https://security.gentoo.org/glsa/201504-06