CVE-2014-8094 — Integer Overflow or Wraparound in X Server

CWE-190 — Integer Overflow or Wraparound CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents8 sources

Severity

6.5MEDIUMNVD

EPSS

1.0%

top 22.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org Xorg-server Debian Linux Oracle Solaris +1 more

Timeline

PublishedDec 10

Latest updateMay 17

Description

Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, which triggers an out-of-bounds read or write.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages3 packages

▶Debianx.org/xorg-server< 2:1.16.2.901-1+3

▶NVDx.org/x_server155 versions+154

▶NVDoracle/solaris10, 11.2+1

Also affects: Debian Linux 7.0

Patches

Patch: www.x.org ↗Patch: www.x.org ↗

🔴Vulnerability Details

GHSA

GHSA-qmxm-339w-x3r6: Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X↗2022-05-17

▶

OSV

CVE-2014-8094: Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X↗2014-12-10

▶

CVEList

CVE-2014-8094: Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X↗2014-12-10

▶

📋Vendor Advisories

Ubuntu

X.Org X server vulnerabilities↗2014-12-09

▶

Red Hat

xorg-x11-server: integer overflow in DRI2 extension function ProcDRI2GetBuffers()↗2014-12-09

▶

Debian

CVE-2014-8094: xorg-server - Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.O...↗2014

▶

💬Community

Bugzilla

tigervnc requires rebuild after Dec-2014 xorg-x11-server CVEs↗2015-01-11

▶

Bugzilla

CVE-2014-8094 xorg-x11-server: integer overflow in DRI2 extension function ProcDRI2GetBuffers()↗2014-11-27

▶