Integer Overflow Vulnerability in X.Org Server Affects Multiple Versions
CVE-2014-8094

Currently unrated

Key Information:

Vendor: X.org
Status: Xorg-server
Vendor: CVE Published:; 10 December 2014

What is CVE-2014-8094?

An integer overflow vulnerability exists in the ProcDRI2GetBuffers function of the DRI2 extension in X.Org Server. This flaw permits remote authenticated users to send carefully crafted requests, potentially leading to a denial of service through an application crash or, in some circumstances, the execution of arbitrary code by triggering out-of-bounds reads or writes. Users operating affected versions are advised to implement necessary patches to mitigate the risk.

References

http://www.debian.org/security/2014/dsa-3095

vendor-advisoryx_refsource_DEBIAN

http://www.x.org/wiki/Development/Security/Advisory-2014-...

x_refsource_CONFIRM

http://advisories.mageia.org/MGASA-2014-0532.html

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 10, 2014
Vulnerability Reserved
Oct 10, 2014

X.org

What is CVE-2014-8094?

References

Timeline