CVE-2014-8099
xorg-x11-server: out of bounds access due to not validating length or offset values in XVideo extension
Descriptions
The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXvQueryExtension, (2) SProcXvQueryAdaptors, (3) SProcXvQueryEncodings, (4) SProcXvGrabPort, (5) SProcXvUngrabPort, (6) SProcXvPutVideo, (7) SProcXvPutStill, (8) SProcXvGetVideo, (9) SProcXvGetStill, (10) SProcXvPutImage, (11) SProcXvShmPutImage, (12) SProcXvSelectVideoNotify, (13) SProcXvSelectPortNotify, (14) SProcXvStopVideo, (15) SProcXvSetPortAttribute, (16) SProcXvGetPortAttribute, (17) SProcXvQueryBestSize, (18) SProcXvQueryPortAttributes, (19) SProcXvQueryImageAttributes, or (20) SProcXvListImageFormats function.
Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use any of these flaws to crash the X.Org server.
Timeline
- 2014-10-10 CVE Reserved
- 2014-12-09 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-125: Out-of-bounds Read
References (11)
URL | Tag | Date
---|---|---
http://advisories.mageia.org/MGASA-2014-0532.html | X_refsource_confirm |
http://secunia.com/advisories/61947 | Third Party Advisory |
http://secunia.com/advisories/62292 | Third Party Advisory |
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html | X_refsource_confirm |
http://www.securityfocus.com/bid/71600 | Vdb Entry |
http://www.x.org/wiki/Development/Security/Advisory-2014-12-09 | | 2023-02-13
http://www.debian.org/security/2014/dsa-3095 | | 2023-02-13
http://www.mandriva.com/security/advisories?name=MDVSA-2015:119 | | 2023-02-13
https://security.gentoo.org/glsa/201504-06 | | 2023-02-13
https://access.redhat.com/security/cve/CVE-2014-8099 | | 2014-12-11
https://bugzilla.redhat.com/show_bug.cgi?id=1168710 | | 2014-12-11
Affected Vendors, Products, and Versions
Vendor | Product | Version | Status
---|---|---|---
X.org | X11 | 6.7 | Affected
X.org | Xorg-server | <= 1.16.2.99.901 | Affected
X.org | Xfree86 | 4.0 | Affected