Integer Signedness Vulnerability in DirectFB by DirectFB
CVE-2014-2977

Currently unrated

Summary

Multiple integer signedness errors exist in the Dispatch_Write function of DirectFB 1.4.13 and can be exploited by remote attackers. Through the Voodoo interface, an attacker may trigger a stack-based buffer overflow, potentially crashing the application and enabling arbitrary code execution. The vulnerability underscores the importance of validating input data and of applying updates promptly to maintain system integrity.

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
