Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv2

CVE-2014-8101

Published: 10/12/2014 Updated: 13/02/2023
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Subscribe to Xfree86

Vulnerability Summary

The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) prior to 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcRRQueryVersion, (2) SProcRRGetScreenInfo, (3) SProcRRSelectInput, or (4) SProcRRConfigureOutputProperty function.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

x.org xfree86 4.2.0

x.org xorg-server

x.org x11 6.7

Vendor Advisories

Ubuntu Security Notice: xorg-server, xorg-server-lts-trusty vulnerabilities
Several security issues were fixed in the XOrg X server ...
Red Hat: Important: xorg-x11-server security update
Synopsis Important: xorg-x11-server security update Type/Severity Security Advisory: Important Topic Updated xorg-x11-server packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 6 and 7Red Hat Product Security has rated this update as having Important securityimpact Com ...
Red Hat: Important: xorg-x11-server security update
Synopsis Important: xorg-x11-server security update Type/Severity Security Advisory: Important Topic Updated xorg-x11-server packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 5Red Hat Product Security has rated this update as having Important securityimpact Common Vu ...
Debian Security Advisories: DSA-3095-1 xorg-server -- security update
Ilja van Sprundel of IOActive discovered several security issues in the Xorg X server, which may lead to privilege escalation or denial of service For the stable distribution (wheezy), these problems have been fixed in version 1124-6+deb7u5 For the upcoming stable distribution (jessie), these problems will be fixed soon For the unstable distr ...
Amazon Linux AMI: ALAS-2015-470
Multiple integer overflow flaws and out-of-bounds write flaws were found in the way the XOrg server calculated memory requirements for certain X11 core protocol and GLX extension requests A malicious, authenticated client could use either of these flaws to crash the XOrg server or, potentially, execute arbitrary code with root privileges (CVE-2 ...

References

CWE-119http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/http://secunia.com/advisories/62292http://www.debian.org/security/2014/dsa-3095http://advisories.mageia.org/MGASA-2014-0532.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2015:119http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlhttps://security.gentoo.org/glsa/201504-06http://www.securityfocus.com/bid/71605http://secunia.com/advisories/61947https://usn.ubuntu.com/2436-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook