CVE-2014-2978 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Directfb

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents5 sources

Severity

10.0CRITICALNVD

EPSS

8.1%

top 7.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Directfb Opensuse Suse Linux Enterprise Desktop +3 more

Timeline

PublishedJun 11

Latest updateMay 14

Description

The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages6 packages

▶NVDdirectfb/directfb1.4.4

▶NVDopensuse/opensuse13.1, 13.2+1

▶NVDsuse/linux_enterprise_desktop12

▶NVDsuse/suse_linux_enterprise_server12

▶NVDsuse/linux_enterprise_workstation_extension12

🔴Vulnerability Details

GHSA

GHSA-c84x-q5hx-4xvc: The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher↗2022-05-14

▶

CVEList

CVE-2014-2978: The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher↗2014-06-11

▶

📋Vendor Advisories

Debian

CVE-2014-2978: directfb - The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in...↗2014

▶

💬Community

Bugzilla

CVE-2014-2978 DirectFB: remote out-of-bounds write vulnerability [epel-all]↗2014-05-16

▶

Bugzilla

CVE-2014-2978 DirectFB: remote out-of-bounds write vulnerability↗2014-05-16

▶

Bugzilla

CVE-2014-2978 DirectFB: remote out-of-bounds write vulnerability [fedora-all]↗2014-05-16

▶