ID CVE-2014-2977
Summary Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*
  • cpe:2.3:a:directfb:directfb:1.4.13:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 30-10-2018 - 16:27)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
confirm http://advisories.mageia.org/MGASA-2015-0176.html
gentoo GLSA-201701-55
mandriva MDVSA-2015:223
mlist
  • [directfb-dev] 20140327 IDirectFBSurface Dispatch_Write bugs
  • [oss-security] 20140516 [CVE-2014-2977] DirectFB integer signedness vulnerability
secunia 58448
suse
  • SUSE-SU-2015:0839
  • openSUSE-SU-2015:0807
Last major update 30-10-2018 - 16:27
Published 11-06-2014 - 14:55
Last modified 30-10-2018 - 16:27