CVE-2014-8100

X.Org X Server < 1.16.3 - Authenticated Memory Corruption via Render Extension

Title source: llm
STIX 2.1

Description

The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcRenderQueryVersion, (2) SProcRenderQueryVersion, (3) SProcRenderQueryPictFormats, (4) SProcRenderQueryPictIndexValues, (5) SProcRenderCreatePicture, (6) SProcRenderChangePicture, (7) SProcRenderSetPictureClipRectangles, (8) SProcRenderFreePicture, (9) SProcRenderComposite, (10) SProcRenderScale, (11) SProcRenderCreateGlyphSet, (12) SProcRenderReferenceGlyphSet, (13) SProcRenderFreeGlyphSet, (14) SProcRenderFreeGlyphs, or (15) SProcRenderCompositeGlyphs function.

References (11)

Core 11
Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-3095
Patch, Vendor Advisory x_refsource_confirm
http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/
Third Party Advisory x_refsource_confirm
http://advisories.mageia.org/MGASA-2014-0532.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/71602
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201504-06
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62292
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2015:119
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/61947

Scores

EPSS 0.0437
EPSS Percentile 90.1%

Details

CWE
CWE-119
Status published
Products (3)
x.org/x11 6.7
x.org/x_server < 1.16.2.99.901
x.org/xfree86 4.0.1
Published Dec 10, 2014
Tracked Since Feb 18, 2026