ID |
CVE-2014-2977
|
Summary |
Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
-
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
-
cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*
-
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*
-
cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:*:*:*:*:*:*:*
-
cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*
-
cpe:2.3:a:directfb:directfb:1.4.13:*:*:*:*:*:*:*
|
CVSS |
Base: | 10.0 (as of 30-10-2018 - 16:27) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-189 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK | LOW | NONE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE | COMPLETE | COMPLETE |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
refmap
via4
|
confirm | http://advisories.mageia.org/MGASA-2015-0176.html |
gentoo | GLSA-201701-55 |
mandriva | MDVSA-2015:223 |
mlist |
- [directfb-dev] 20140327 IDirectFBSurface Dispatch_Write bugs
- [oss-security] 20140516 [CVE-2014-2977] DirectFB integer signedness vulnerability
secunia | 58448 |
suse |
- SUSE-SU-2015:0839
- openSUSE-SU-2015:0807
|
|
Last major update |
30-10-2018 - 16:27 |
Published |
11-06-2014 - 14:55 |
Last modified |
30-10-2018 - 16:27 |