Remote Code Execution Flaw in X.Org X Window System
CVE-2014-8100

Currently unrated

Key Information:

Vendor: X.org
Status: Xfree86
Vendor: CVE Published:; 10 December 2014

What is CVE-2014-8100?

The Render extension in various versions of the X.Org X Window System allows remote authenticated users to exploit crafted values in specific functions. This creates potential for an out-of-bounds read or write, which could lead to a denial of service or enable arbitrary code execution. Malicious actors may exploit this vulnerability through functions such as ProcRenderQueryVersion and SProcRenderCreatePicture, affecting system stability and security.

References

http://www.debian.org/security/2014/dsa-3095

vendor-advisoryx_refsource_DEBIAN

http://www.x.org/wiki/Development/Security/Advisory-2014-...

x_refsource_CONFIRM

http://www.oracle.com/technetwork/topics/security/cpujul2...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 10, 2014
Vulnerability Reserved
Oct 10, 2014

X.org

What is CVE-2014-8100?

References

Timeline