Denial of Service Vulnerability in X.Org X Window System Affecting XFree86
CVE-2014-8101

Currently unrated

Key Information:

Vendor: X.org
Status: Xfree86
Vendor: CVE Published:; 10 December 2014

What is CVE-2014-8101?

The RandR extension in various versions of the X.Org X Window System (including XFree86 and X.Org Server) contains a vulnerability that allows authenticated remote users to exploit crafted length or index values. This exploitation could lead to denial of service through out-of-bounds read or write operations, or even the potential execution of arbitrary code through key functions such as SProcRRQueryVersion, SProcRRGetScreenInfo, SProcRRSelectInput, and SProcRRConfigureOutputProperty.

References

http://www.debian.org/security/2014/dsa-3095

vendor-advisoryx_refsource_DEBIAN

http://www.x.org/wiki/Development/Security/Advisory-2014-...

x_refsource_CONFIRM

http://www.oracle.com/technetwork/topics/security/cpujul2...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 10, 2014
Vulnerability Reserved
Oct 10, 2014

X.org

What is CVE-2014-8101?

References

Timeline