Published: 10/12/2014 Updated: 13/02/2023

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) prior to 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) __glXDisp_ReadPixels, (2) __glXDispSwap_ReadPixels, (3) __glXDisp_GetTexImage, (4) __glXDispSwap_GetTexImage, (5) GetSeparableFilter, (6) GetConvolutionFilter, (7) GetHistogram, (8) GetMinmax, (9) GetColorTable, (10) __glXGetAnswerBuffer, (11) __GLX_GET_ANSWER_BUFFER, (12) __glXMap1dReqSize, (13) __glXMap1fReqSize, (14) Map2Size, (15) __glXMap2dReqSize, (16) __glXMap2fReqSize, (17) __glXImageSize, or (18) __glXSeparableFilter2DReqSize function, which triggers an out-of-bounds read or write.

Vulnerable Product	Search on Vulmon	Subscribe to Product
x.org x11 6.7
x.org xorg-server
x.org xfree86 4.0

Debian Bug report logs - #772972 src:nvidia-graphics-drivers*: CVE-2014-8298: GLX-INDIRECT (Including CVE-2014-8093, CVE-2014-8098) Package: src:nvidia-graphics-drivers-legacy-96xx; Maintainer for src:nvidia-graphics-drivers-legacy-96xx is (unknown); Reported by: Andreas Beckmann <anbe@debianorg> Date: Fri, 12 Dec 2014 16: ...

Several security issues were fixed in the XOrg X server ...

Synopsis Important: xorg-x11-server security update Type/Severity Security Advisory: Important Topic Updated xorg-x11-server packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 6 and 7Red Hat Product Security has rated this update as having Important securityimpact Com ...

Synopsis Important: xorg-x11-server security update Type/Severity Security Advisory: Important Topic Updated xorg-x11-server packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 5Red Hat Product Security has rated this update as having Important securityimpact Common Vu ...

Ilja van Sprundel of IOActive discovered several security issues in the Xorg X server, which may lead to privilege escalation or denial of service For the stable distribution (wheezy), these problems have been fixed in version 1124-6+deb7u5 For the upcoming stable distribution (jessie), these problems will be fixed soon For the unstable distr ...

Multiple integer overflow flaws and out-of-bounds write flaws were found in the way the XOrg server calculated memory requirements for certain X11 core protocol and GLX extension requests A malicious, authenticated client could use either of these flaws to crash the XOrg server or, potentially, execute arbitrary code with root privileges (CVE-2 ...

NVD-CWE-Other http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/http://nvidia.custhelp.com/app/answers/detail/a_id/3610 http://secunia.com/advisories/62292 http://www.debian.org/security/2014/dsa-3095 http://advisories.mageia.org/MGASA-2014-0532.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:119 http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html https://security.gentoo.org/glsa/201504-06 http://www.securityfocus.com/bid/71596 http://secunia.com/advisories/61947 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772972 https://usn.ubuntu.com/2436-1/https://nvd.nist.gov

CVE-2014-8093

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect