PT-2014-1961 · Pixman

Søren Sandmann · Published 2014-09-05 · Updated 2016-12-03 · CVE-2014-9766

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Pixman versions prior to 0.32.6

Description

The issue is caused by an integer overflow in the create_bits function in pixman-bits-image.c. A remote attacker can exploit it to cause a denial of service (application crash) or possibly to execute arbitrary code. Exploitation is facilitated by large height and stride values.

Recommendations

Update to version 0.32.6 or later to resolve the issue. As a temporary workaround, consider restricting the input values for height and stride so that large values are never processed by the create_bits function.
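
The workaround above can be sketched as a caller-side guard. This is an added example, not Pixman's code or its upstream fix. The function names are hypothetical, and it assumes the buffer size is the product of height and stride computed in 32-bit arithmetic.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* What a 32-bit multiplication yields for height * stride: the product
 * wraps modulo 2^32 (unsigned arithmetic is used here so the wraparound
 * is well defined in C). */
static uint32_t wrapped_size32(int height, int stride)
{
    return (uint32_t)height * (uint32_t)stride;
}

/* Hypothetical caller-side guard: returns 0 and stores the buffer size in
 * *out only if both values are positive and height * stride fits in an
 * int, the type assumed for the size computation. Returns -1 otherwise. */
static int checked_bits_size(int height, int stride, size_t *out)
{
    if (height <= 0 || stride <= 0)
        return -1;
    if (stride > INT_MAX / height)      /* product would overflow */
        return -1;
    *out = (size_t)height * (size_t)stride;
    return 0;
}

int main(void)
{
    /* Constructed sample dimensions; the true product is 2^32 + 262144. */
    int height = 65536, stride = 65540;
    size_t size;

    printf("32-bit product wraps to %u bytes\n",
           (unsigned)wrapped_size32(height, stride));
    if (checked_bits_size(height, stride, &size) != 0)
        puts("rejected: height * stride overflows");
    if (checked_bits_size(1080, 7680, &size) == 0)
        printf("accepted: %zu bytes\n", size);
    return 0;
}
```

The wrapped value is far smaller than the memory the image rows would actually span, which is why the guard rejects the dimensions before any allocation takes place.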

Fix

DoS


Weakness Enumeration

Related Identifiers

ALT-PU-2014-2079
BDU:2016-01651
CVE-2014-9766
DLA-429-1
DSA-3525-1
USN-2918-1

Affected Products

Alt Linux
Pixman
Ubuntu