CVE-2014-8092 : Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.O

Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) ProcPutImage, (2) GetHosts, (3) RegionSizeof, or (4) REQUEST_FIXED_SIZE function, which triggers an out-of-bounds read or write.

Published 2014-12-10 15:59:05

Updated 2023-02-13 00:42:37

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Execute codeDenial of service

Products affected by CVE-2014-8092

X.org » X11 » Version: 1.0
cpe:2.3:a:x.org:x11:1.0:*:*:*:*:*:*:*
Matching versions
X.org » Xorg-server
Versions up to, including, (<=) 1.16.2.99.901
cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-8092

EPSS FAQ

1.29%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 78 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-8092

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P	8.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2014-8092

http://www.debian.org/security/2014/dsa-3095

Debian -- Security Information -- DSA-3095-1 xorg-server

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

Oracle Solaris Third Party Bulletin - April 2015

CVEs referencing this url
http://advisories.mageia.org/MGASA-2014-0532.html

Mageia Advisory: MGASA-2014-0532 - Updated x11-server packages fix security vulnerabilities

CVEs referencing this url
https://security.gentoo.org/glsa/201504-06

X.Org X Server: Multiple vulnerabilities (GLSA 201504-06) — Gentoo security

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Oracle Solaris Third Party Bulletin - October 2015

CVEs referencing this url
http://www.securityfocus.com/bid/71595

X.Org X Server Protocol Handling Multiple Integer Overflow Vulnerabilities
http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/

Advisory-2014-12-09
Patch;Vendor Advisory

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDVSA-2015:119

mandriva.com

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

Oracle Bulletin Board Update - January 2015

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

Oracle Critical Patch Update - July 2015
Vendor Advisory

CVEs referencing this url
http://secunia.com/advisories/61947

Sign in

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2014-8092

Products affected by CVE-2014-8092

Exploit prediction scoring system (EPSS) score for CVE-2014-8092

CVSS scores for CVE-2014-8092

References for CVE-2014-8092