CVE-2014-8097 — Improper Restriction of Operations within the Bounds of a Memory Buffer in X Server

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190 — Integer Overflow or Wraparound CWE-125 — Out-of-bounds Read9 documents8 sources

Severity

6.5MEDIUMNVD

EPSS

1.3%

top 20.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org Xorg-server X.org X Server X.org X11

Timeline

PublishedDec 10

Latest updateMay 17

Description

The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcDbeSwapBuffers or (2) SProcDbeSwapBuffers function.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages3 packages

▶Debianx.org/xorg-server< 2:1.16.2.901-1+3

▶NVDx.org/x_server1.16.2.99.901

▶NVDx.org/x116.1

Patches

Patch: www.x.org ↗Patch: www.x.org ↗

🔴Vulnerability Details

GHSA

GHSA-5v63-4r2j-93hp: The DBE extension in X↗2022-05-17

▶

CVEList

CVE-2014-8097: The DBE extension in X↗2014-12-10

▶

OSV

CVE-2014-8097: The DBE extension in X↗2014-12-10

▶

📋Vendor Advisories

Ubuntu

X.Org X server vulnerabilities↗2014-12-09

▶

Red Hat

xorg-x11-server: out of bounds access due to not validating length or offset values in DBE extension↗2014-12-09

▶

Debian

CVE-2014-8097: xorg-server - The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and X.Org Serv...↗2014

▶

💬Community

Bugzilla

tigervnc requires rebuild after Dec-2014 xorg-x11-server CVEs↗2015-01-11

▶

Bugzilla

CVE-2014-8097 xorg-x11-server: out of bounds access due to not validating length or offset values in DBE extension↗2014-11-27

▶