Integer Signedness Vulnerability in DirectFB by DirectFB
CVE-2014-2977
Currently unrated
Key Information:
- Vendor: Suse
- Status
- Vendor
- CVE Published: 11 June 2014
What is CVE-2014-2977?
Multiple integer signedness errors exist in the Dispatch_Write function of DirectFB 1.4.13, which can be exploited by remote attackers. By leveraging the Voodoo interface, an attacker may trigger a stack-based buffer overflow, potentially leading to application crashes and enabling arbitrary code execution. This vulnerability underscores the importance of validating input data and the requirement for timely updates to maintain system integrity.
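The bug class described above, shown as an added illustration in C. This is not DirectFB's code: the function names, the 64-byte buffer and the `int32_t` length field are assumptions, chosen to show how a negative length passes an upper-bound-only check and how a hardened handler rejects it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64 /* assumed capacity of the on-stack destination */

/* Flawed check: wire_len is signed, so any negative value passes. */
static int flawed_length_ok(int32_t wire_len)
{
    return wire_len <= BUF_SIZE;
}

/* The byte count a size_t-taking copy routine would receive. */
static size_t as_copy_size(int32_t wire_len)
{
    return (size_t)wire_len; /* -1 converts to SIZE_MAX */
}

/* Hardened copy: reject negatives before converting, then bound the length
 * by destination capacity and bytes received. Returns bytes copied or -1. */
static int hardened_write(uint8_t *dst, size_t cap, const uint8_t *src,
                          size_t avail, int32_t wire_len)
{
    if (wire_len < 0)
        return -1;
    size_t n = (size_t)wire_len;
    if (n > cap || n > avail)
        return -1;
    memcpy(dst, src, n);
    return (int)n;
}

/* Runs the hardened path on a constructed 16-byte payload. */
static int demo_hardened(int32_t wire_len)
{
    uint8_t stack_buf[BUF_SIZE];
    const uint8_t payload[16] = { 0x41, 0x42, 0x43 }; /* constructed sample */
    return hardened_write(stack_buf, sizeof stack_buf,
                          payload, sizeof payload, wire_len);
}

int main(void)
{
    printf("flawed check accepts -1: %d, copy size: %zu\n",
           flawed_length_ok(-1), as_copy_size(-1));
    printf("hardened: len=-1 -> %d, len=16 -> %d, len=65 -> %d\n",
           demo_hardened(-1), demo_hardened(16), demo_hardened(65));
    return 0;
}
```

Compiling with `-Wsign-compare -Wconversion` flags mixed signed and unsigned length handling of this kind at build time.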