PT-2014-5000 · Directfb+1

Frédéric Basse · Published 2014-06-11 · Updated 2024-06-15 · CVE-2014-2978

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: DirectFB version 1.4.4

Description: The issue allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c.

Recommendations: For DirectFB version 1.4.4, consider disabling the Voodoo interface as a temporary workaround until a patch is available. Restrict access to the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c to minimize the risk of exploitation.

Fix

DoS

Buffer Overflow

Weakness Enumeration

Related identifiers

CVE-2014-2978
MGASA-2015-0176
OPENSUSE-SU-2015_0807-1
OPENSUSE-SU-2024:10535-1
SUSE-SU-2015:0839-1

Affected products

Directfb
Suse