CVE-2014-8093

Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) __glXDisp_ReadPixels, (2) __glXDispSwap_ReadPixels, (3) __glXDisp_GetTexImage, (4) __glXDispSwap_GetTexImage, (5) GetSeparableFilter, (6) GetConvolutionFilter, (7) GetHistogram, (8) GetMinmax, (9) GetColorTable, (10) __glXGetAnswerBuffer, (11) __GLX_GET_ANSWER_BUFFER, (12) __glXMap1dReqSize, (13) __glXMap1fReqSize, (14) Map2Size, (15) __glXMap2dReqSize, (16) __glXMap2fReqSize, (17) __glXImageSize, or (18) __glXSeparableFilter2DReqSize function, which triggers an out-of-bounds read or write.

CVSS v2.0 6.5 MEDIUM

6.5^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://advisories.mageia.org/MGASA-2014-0532.html
http://nvidia.custhelp.com/app/answers/detail/a_id/3610
http://secunia.com/advisories/61947
http://secunia.com/advisories/62292
http://www.debian.org/security/2014/dsa-3095
http://www.mandriva.com/security/advisories?name=MDVSA-2015:119
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html	Vendor Advisory
http://www.securityfocus.com/bid/71596
http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/	Patch Vendor Advisory
https://security.gentoo.org/glsa/201504-06

Configurations

Configuration 1 (hide)

cpe:2.3:a:x.org:x11:6.7:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:x.org:xfree86:4.0:*:*:*:*:*:*:*

History

13 Feb 2023, 00:42

Type	Values Removed	Values Added
Summary	Multiple integer overflow flaws were found in the way the X.Org server calculated memory requirements for certain GLX extension requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges.	Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) __glXDisp_ReadPixels, (2) __glXDispSwap_ReadPixels, (3) __glXDisp_GetTexImage, (4) __glXDispSwap_GetTexImage, (5) GetSeparableFilter, (6) GetConvolutionFilter, (7) GetHistogram, (8) GetMinmax, (9) GetColorTable, (10) __glXGetAnswerBuffer, (11) __GLX_GET_ANSWER_BUFFER, (12) __glXMap1dReqSize, (13) __glXMap1fReqSize, (14) Map2Size, (15) __glXMap2dReqSize, (16) __glXMap2fReqSize, (17) __glXImageSize, or (18) __glXSeparableFilter2DReqSize function, which triggers an out-of-bounds read or write.
References	~~{'url': 'https://access.redhat.com/security/cve/CVE-2014-8093', 'name': 'https://access.redhat.com/security/cve/CVE-2014-8093', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://bugzilla.redhat.com/show_bug.cgi?id=1168688', 'name': 'https://bugzilla.redhat.com/show_bug.cgi?id=1168688', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2014:1983', 'name': 'https://access.redhat.com/errata/RHSA-2014:1983', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2014:1982', 'name': 'https://access.redhat.com/errata/RHSA-2014:1982', 'tags': [], 'refsource': 'MISC'}~~

02 Feb 2023, 20:18

Type	Values Removed	Values Added
References		(MISC) https://access.redhat.com/security/cve/CVE-2014-8093 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1168688 - (MISC) https://access.redhat.com/errata/RHSA-2014:1983 - (MISC) https://access.redhat.com/errata/RHSA-2014:1982 -
Summary	Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) __glXDisp_ReadPixels, (2) __glXDispSwap_ReadPixels, (3) __glXDisp_GetTexImage, (4) __glXDispSwap_GetTexImage, (5) GetSeparableFilter, (6) GetConvolutionFilter, (7) GetHistogram, (8) GetMinmax, (9) GetColorTable, (10) __glXGetAnswerBuffer, (11) __GLX_GET_ANSWER_BUFFER, (12) __glXMap1dReqSize, (13) __glXMap1fReqSize, (14) Map2Size, (15) __glXMap2dReqSize, (16) __glXMap2fReqSize, (17) __glXImageSize, or (18) __glXSeparableFilter2DReqSize function, which triggers an out-of-bounds read or write.	Multiple integer overflow flaws were found in the way the X.Org server calculated memory requirements for certain GLX extension requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges.

Information

Published : 2014-12-10 15:59

Updated : 2023-12-10 11:31

NVD link : CVE-2014-8093

Mitre link : CVE-2014-8093

CVE.ORG link : CVE-2014-8093

JSON object : View

Products Affected

x.org

xfree86
xorg-server
x11

CWE

NVD-CWE-Other

6.5 /10