CVE-2014-8097 : The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and X.Org Server (aka xserver and xorg-server) before

The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcDbeSwapBuffers or (2) SProcDbeSwapBuffers function.

Published 2014-12-10 15:59:10

Updated 2023-02-13 00:42:39

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: OverflowExecute codeDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2014-8097

Probability of exploitation activity in the next 30 days: 1.57%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 85 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2014-8097

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P	8.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2014-8097

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-8097

http://www.debian.org/security/2014/dsa-3095

Debian -- Security Information -- DSA-3095-1 xorg-server

CVEs referencing this url
http://advisories.mageia.org/MGASA-2014-0532.html

Mageia Advisory: MGASA-2014-0532 - Updated x11-server packages fix security vulnerabilities

CVEs referencing this url
https://security.gentoo.org/glsa/201504-06

X.Org X Server: Multiple vulnerabilities (GLSA 201504-06) — Gentoo security

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Oracle Solaris Third Party Bulletin - October 2015

CVEs referencing this url
http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/

Advisory-2014-12-09
Patch;Vendor Advisory

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDVSA-2015:119

mandriva.com

CVEs referencing this url
http://www.securityfocus.com/bid/71604

X.Org X Server CVE-2014-8097 Out of Bounds Multiple Integer Overflow Vulnerabilities
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

Oracle Bulletin Board Update - January 2015

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

Oracle Critical Patch Update - July 2015

CVEs referencing this url
http://secunia.com/advisories/61947

Sign in

CVEs referencing this url

Products affected by CVE-2014-8097

X.org » X11 » Version: 6.1
cpe:2.3:a:x.org:x11:6.1:*:*:*:*:*:*:*
Matching versions
X.org » Xorg-server
Versions up to, including, (<=) 1.16.2.99.901
cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2014-8097

Exploit prediction scoring system (EPSS) score for CVE-2014-8097

CVSS scores for CVE-2014-8097

CWE ids for CVE-2014-8097

References for CVE-2014-8097

Products affected by CVE-2014-8097