Published: 10/12/2014 Updated: 13/02/2023

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.Org Server (aka xserver and xorg-server) prior to 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) ProcPutImage, (2) GetHosts, (3) RegionSizeof, or (4) REQUEST_FIXED_SIZE function, which triggers an out-of-bounds read or write.

Vulnerable Product	Search on Vulmon	Subscribe to Product
x.org x11 1.0
x.org xorg-server

Debian Bug report logs - #774308 xserver-xorg: X-Server crashes when maximizing application windows (arithmetic exception in dix/mainc) Package: xorg-server; Maintainer for xorg-server is Debian X Strike Force <debian-x@listsdebianorg>; Reported by: Andreas Cord-Landwehr <cordlandwehr@kdeorg> Date: Wed, 31 Dec 201 ...

Several security issues were fixed in the XOrg X server ...

Synopsis Important: xorg-x11-server security update Type/Severity Security Advisory: Important Topic Updated xorg-x11-server packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 6 and 7Red Hat Product Security has rated this update as having Important securityimpact Com ...

Synopsis Important: xorg-x11-server security update Type/Severity Security Advisory: Important Topic Updated xorg-x11-server packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 5Red Hat Product Security has rated this update as having Important securityimpact Common Vu ...

Ilja van Sprundel of IOActive discovered several security issues in the Xorg X server, which may lead to privilege escalation or denial of service For the stable distribution (wheezy), these problems have been fixed in version 1124-6+deb7u5 For the upcoming stable distribution (jessie), these problems will be fixed soon For the unstable distr ...

Multiple integer overflow flaws and out-of-bounds write flaws were found in the way the XOrg server calculated memory requirements for certain X11 core protocol and GLX extension requests A malicious, authenticated client could use either of these flaws to crash the XOrg server or, potentially, execute arbitrary code with root privileges (CVE-2 ...

NVD-CWE-Other http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/http://secunia.com/advisories/62292 http://www.debian.org/security/2014/dsa-3095 http://advisories.mageia.org/MGASA-2014-0532.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:119 http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html https://security.gentoo.org/glsa/201504-06 http://www.securityfocus.com/bid/71595 http://secunia.com/advisories/61947 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774308 https://usn.ubuntu.com/2436-1/https://nvd.nist.gov

CVE-2014-8092

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect