ID CVE-2014-9766
Summary Integer overflow in the create_bits function in pixman-bits-image.c in Pixman before 0.32.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via large height and stride values.
Vulnerable Configurations
  • cpe:2.3:a:pixman:pixman:-:*:*:*:*:*:*:*
  • cpe:2.3:a:pixman:pixman:0.9.6:*:*:*:*:*:*:*
  • cpe:2.3:a:pixman:pixman:0.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pixman:pixman:0.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pixman:pixman:0.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pixman:pixman:0.16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pixman:pixman:0.16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pixman:pixman:0.16.4:*:*:*:*:*:*:*
  • cpe:2.3:a:pixman:pixman:0.16.6:*:*:*:*:*:*:*
  • cpe:2.3:a:pixman:pixman:0.18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pixman:pixman:0.18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pixman:pixman:0.18.4:*:*:*:*:*:*:*
  • cpe:2.3:a:pixman:pixman:0.20.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pixman:pixman:0.20.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pixman:pixman:0.22.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pixman:pixman:0.22.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pixman:pixman:0.24.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pixman:pixman:0.24.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pixman:pixman:0.24.4:*:*:*:*:*:*:*
  • cpe:2.3:a:pixman:pixman:0.26.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pixman:pixman:0.26.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pixman:pixman:0.28.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pixman:pixman:0.28.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pixman:pixman:0.30.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pixman:pixman:0.30.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pixman:pixman:0.32.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pixman:pixman:0.32.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pixman:pixman:0.32.4:*:*:*:*:*:*:*
  • cpe:2.3:a:pixman:pixman:0.32.5:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
CVSS
Base: 7.5 (as of 03-12-2016 - 03:02)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
confirm
debian DSA-3525
mlist
  • [Pixman] 20140409 [PATCH] create_bits(): Cast the result of height * stride to size_t
  • [oss-security] 20160224 Re: [Pixman] create_bits(): Cast the result of height * stride to size_t
  • [oss-security] 20160224 [Pixman] create_bits(): Cast the result of height * stride to size_t
  • [xorg-announce] 20140705 [ANNOUNCE] pixman release 0.32.6 now available
ubuntu USN-2918-1
Last major update 03-12-2016 - 03:02
Published 13-04-2016 - 14:59
Last modified 03-12-2016 - 03:02