CVE-2014-2977

Currently unrated

Key Information:

Vendor
Suse
Status
Linux Enterprise Software Development Kit
Linux Enterprise Desktop
Linux Enterprise Workstation Extension
Opensuse
Vendor
CVE Published:
11 June 2014

Summary

Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow.

References

http://www.openwall.com/lists/oss-security/2014/05/15/9
mailing-listx_refsource_MLIST
http://www.mandriva.com/security/advisories?name=MDVSA-20...
vendor-advisoryx_refsource_MANDRIVA
http://lists.opensuse.org/opensuse-security-announce/2015...
vendor-advisoryx_refsource_SUSE

EPSS Score

11% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.