CVE-2014-8095

Debian Linux < 1.16.2.99.901 - Memory Corruption

Title source: rule
STIX 2.1

Description

The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXChangeDeviceControl, (2) ProcXChangeDeviceControl, (3) ProcXChangeFeedbackControl, (4) ProcXSendExtensionEvent, (5) SProcXIAllowEvents, (6) SProcXIChangeCursor, (7) ProcXIChangeHierarchy, (8) SProcXIGetClientPointer, (9) SProcXIGrabDevice, (10) SProcXIUngrabDevice, (11) ProcXIUngrabDevice, (12) SProcXIPassiveGrabDevice, (13) ProcXIPassiveGrabDevice, (14) SProcXIPassiveUngrabDevice, (15) ProcXIPassiveUngrabDevice, (16) SProcXListDeviceProperties, (17) SProcXDeleteDeviceProperty, (18) SProcXIListProperties, (19) SProcXIDeleteProperty, (20) SProcXIGetProperty, (21) SProcXIQueryDevice, (22) SProcXIQueryPointer, (23) SProcXISelectEvents, (24) SProcXISetClientPointer, (25) SProcXISetFocus, (26) SProcXIGetFocus, or (27) SProcXIWarpPointer function.

References (11)

Core 11
Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-3095
Patch, Vendor Advisory x_refsource_confirm
http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/
Third Party Advisory x_refsource_confirm
http://advisories.mageia.org/MGASA-2014-0532.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201504-06
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/71599
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62292
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2015:119
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/61947

Scores

EPSS 0.0443
EPSS Percentile 90.2%

Details

CWE
CWE-119
Status published
Products (3)
debian/debian_linux 7.0
x.org/x11 4.0
x.org/x_server < 1.16.2.99.901
Published Dec 10, 2014
Tracked Since Feb 18, 2026