CVE-2014-8092 — Integer Overflow or Wraparound in X Server

CWE-190 — Integer Overflow or Wraparound CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents8 sources

Severity

6.5MEDIUMNVD

EPSS

1.3%

top 20.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org Xorg-server X.org X Server X.org X11

Timeline

PublishedDec 10

Latest updateMay 17

Description

Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) ProcPutImage, (2) GetHosts, (3) RegionSizeof, or (4) REQUEST_FIXED_SIZE function, which triggers an out-of-bounds read or write.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages3 packages

▶Debianx.org/xorg-server< 2:1.16.2.901-1+3

▶NVDx.org/x_server1.16.2.99.901

▶NVDx.org/x111.0

Patches

Patch: www.x.org ↗Patch: www.x.org ↗

🔴Vulnerability Details

GHSA

GHSA-5xcf-4m43-c4p9: Multiple integer overflows in X↗2022-05-17

▶

OSV

CVE-2014-8092: Multiple integer overflows in X↗2014-12-10

▶

CVEList

CVE-2014-8092: Multiple integer overflows in X↗2014-12-10

▶

📋Vendor Advisories

Ubuntu

X.Org X server vulnerabilities↗2014-12-09

▶

Red Hat

xorg-x11-server: integer overflow in X11 core protocol requests when calculating memory needs for requests↗2014-12-09

▶

Debian

CVE-2014-8092: xorg-server - Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.O...↗2014

▶

💬Community

Bugzilla

CVE-2015-3418 xorg-x11-server: divide-by-zero when checking image dimensions↗2015-04-28

▶

Bugzilla

tigervnc requires rebuild after Dec-2014 xorg-x11-server CVEs↗2015-01-11

▶

Bugzilla

CVE-2014-8092 xorg-x11-server: integer overflow in X11 core protocol requests when calculating memory needs for requests↗2014-11-27

▶