CVE-2014-2977

Currently unrated

Key Information:

Vendor: Suse
Status: Linux Enterprise Software Development Kit; Linux Enterprise Desktop; Linux Enterprise Workstation Extension; Opensuse
Vendor: CVE Published:; 11 June 2014

Summary

Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow.

References

http://www.openwall.com/lists/oss-security/2014/05/15/9

mailing-listx_refsource_MLIST

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

http://lists.opensuse.org/opensuse-security-announce/2015...

vendor-advisoryx_refsource_SUSE

Timeline

Vulnerability published
Jun 11, 2014
Vulnerability Reserved
Apr 21, 2014