Description
Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow.
References (8)
Core 8
Core References
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/05/15/9
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2015:223
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00003.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201701-55
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00019.html
Various Sources mailing-list
x_refsource_mlist
http://mail.directfb.org/pipermail/directfb-dev/2014-March/006805.html
Third Party Advisory x_refsource_confirm
http://advisories.mageia.org/MGASA-2015-0176.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/58448
Scores
EPSS
0.0965
EPSS Percentile
93.0%
Details
CWE
CWE-189
Status
published
Products (7)
directfb/directfb
1.4.13
opensuse/opensuse
13.1
opensuse/opensuse
13.2
suse/linux_enterprise_desktop
12
suse/linux_enterprise_software_development_kit
12
suse/linux_enterprise_workstation_extension
12
suse/suse_linux_enterprise_server
12
Published
Jun 11, 2014
Tracked Since
Feb 18, 2026