CVE-2014-8100
CVSS V2 Medium 6.5
CVSS V3 None
Description
The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcRenderQueryVersion, (2) SProcRenderQueryVersion, (3) SProcRenderQueryPictFormats, (4) SProcRenderQueryPictIndexValues, (5) SProcRenderCreatePicture, (6) SProcRenderChangePicture, (7) SProcRenderSetPictureClipRectangles, (8) SProcRenderFreePicture, (9) SProcRenderComposite, (10) SProcRenderScale, (11) SProcRenderCreateGlyphSet, (12) SProcRenderReferenceGlyphSet, (13) SProcRenderFreeGlyphSet, (14) SProcRenderFreeGlyphs, or (15) SProcRenderCompositeGlyphs function.
Overview
- CVE ID
- CVE-2014-8100
- Assigner
- secalert@redhat.com
- Vulnerability Status
- Modified
- Published Version
- 2014-12-10T15:59:13
- Last Modified Date
- 2023-02-13T00:42:39
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
cpe:2.3:a:x.org:xfree86:4.0.1:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:* | 1 | OR | 1.16.2.99.901 | |
cpe:2.3:a:x.org:x11:6.7:*:*:*:*:*:*:* | 1 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:L/Au:S/C:P/I:P/A:P
- Access Vector
- NETWORK
- Access Compatibility
- LOW
- Authentication
- SINGLE
- Confidentiality Impact
- PARTIAL
- Integrity Impact
- PARTIAL
- Availability Impact
- PARTIAL
- Base Score
- 6.5
- Severity
- MEDIUM
- Exploitability Score
- 8
- Impact Score
- 6.4
References
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2014-8100 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8100 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2022-05-10 09:53:15 | Added to TrackCVE | |||
2022-12-02 02:37:14 | 2014-12-10T15:59Z | 2014-12-10T15:59:13 | CVE Published Date | updated |
2022-12-02 02:37:14 | 2017-01-03T02:59:17 | CVE Modified Date | updated | |
2022-12-02 02:37:14 | Modified | Vulnerability Status | updated | |
2023-02-02 21:04:48 | 2023-02-02T20:19:10 | CVE Modified Date | updated | |
2023-02-02 21:04:49 | The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcRenderQueryVersion, (2) SProcRenderQueryVersion, (3) SProcRenderQueryPictFormats, (4) SProcRenderQueryPictIndexValues, (5) SProcRenderCreatePicture, (6) SProcRenderChangePicture, (7) SProcRenderSetPictureClipRectangles, (8) SProcRenderFreePicture, (9) SProcRenderComposite, (10) SProcRenderScale, (11) SProcRenderCreateGlyphSet, (12) SProcRenderReferenceGlyphSet, (13) SProcRenderFreeGlyphSet, (14) SProcRenderFreeGlyphs, or (15) SProcRenderCompositeGlyphs function. | Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server. | Description | updated |
2023-02-02 21:04:55 | References | updated | ||
2023-02-13 01:05:36 | 2023-02-13T00:42:39 | CVE Modified Date | updated | |
2023-02-13 01:05:36 | Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server. | The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcRenderQueryVersion, (2) SProcRenderQueryVersion, (3) SProcRenderQueryPictFormats, (4) SProcRenderQueryPictIndexValues, (5) SProcRenderCreatePicture, (6) SProcRenderChangePicture, (7) SProcRenderSetPictureClipRectangles, (8) SProcRenderFreePicture, (9) SProcRenderComposite, (10) SProcRenderScale, (11) SProcRenderCreateGlyphSet, (12) SProcRenderReferenceGlyphSet, (13) SProcRenderFreeGlyphSet, (14) SProcRenderFreeGlyphs, or (15) SProcRenderCompositeGlyphs function. | Description | updated |