CVE-2014-8097 : The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and X.Org Serv

The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcDbeSwapBuffers or (2) SProcDbeSwapBuffers function.

Published 2014-12-10 15:59:10

Updated 2025-04-12 10:46:41

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Execute codeDenial of service

Products affected by CVE-2014-8097

X.org » X11 » Version: 6.1
cpe:2.3:a:x.org:x11:6.1:*:*:*:*:*:*:*
Matching versions
X.org » Xorg-server
Versions up to, including, (<=) 1.16.2.99.901
cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-8097

EPSS FAQ

1.12%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 76 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-8097

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P	8.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2014-8097

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-8097

http://www.debian.org/security/2014/dsa-3095

Debian -- Security Information -- DSA-3095-1 xorg-server

CVEs referencing this url
http://secunia.com/advisories/62292

Sign in

CVEs referencing this url
http://advisories.mageia.org/MGASA-2014-0532.html

Mageia Advisory: MGASA-2014-0532 - Updated x11-server packages fix security vulnerabilities

CVEs referencing this url
https://security.gentoo.org/glsa/201504-06

X.Org X Server: Multiple vulnerabilities (GLSA 201504-06) — Gentoo security

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Oracle Solaris Third Party Bulletin - October 2015

CVEs referencing this url
http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/

Advisory-2014-12-09
Patch;Vendor Advisory

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDVSA-2015:119

mandriva.com

CVEs referencing this url
http://www.securityfocus.com/bid/71604

X.Org X Server CVE-2014-8097 Out of Bounds Multiple Integer Overflow Vulnerabilities
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

Oracle Bulletin Board Update - January 2015

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

Oracle Critical Patch Update - July 2015

CVEs referencing this url
http://secunia.com/advisories/61947

Sign in

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2014-8097

Products affected by CVE-2014-8097

Exploit prediction scoring system (EPSS) score for CVE-2014-8097

CVSS scores for CVE-2014-8097

CWE ids for CVE-2014-8097

References for CVE-2014-8097