PT-2014-1848 · X.Org+5 · X.Org Server+5

Ilja Van Sprundel

·

Published

2014-12-09

·

Updated

2025-08-29

·

CVE-2014-8098

CVSS v2.0

6.5

Medium

VectorAV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions xorg-x11-server-Xdmx version 1.15.0 xorg-x11-server-debuginfo version 1.15.0 xorg-x11-server-Xnest version 1.15.0 xorg-x11-server-Xephyr version 1.15.0 xorg-x11-server-source version 1.15.0 xorg-x11-server-Xvfb version 1.15.0 xorg-x11-server-debuginfo version 1.1.1 xorg-x11-server-Xvnc-source version 1.1.1 xorg-x11-server version 1.15.0 xorg-x11-server-common version 1.15.0 xorg-x11-server-devel version 1.15.0 xorg-x11-server-Xorg version 1.15.0 X.Org Server versions prior to 1.16.3
Description The issue affects the GLX extension in X.Org Server, allowing remote authenticated users to cause a denial of service or possibly execute arbitrary code via a crafted length or index value to various functions, including glXDisp Render, glXDisp RenderLarge, glXDispSwap VendorPrivate, and others. The exploitation can be done remotely by an attacker who has passed the authentication procedure.
Recommendations For xorg-x11-server-Xdmx version 1.15.0, update to a version newer than 1.15.0. For xorg-x11-server-debuginfo version 1.15.0, update to a version newer than 1.15.0. For xorg-x11-server-Xnest version 1.15.0, update to a version newer than 1.15.0. For xorg-x11-server-Xephyr version 1.15.0, update to a version newer than 1.15.0. For xorg-x11-server-source version 1.15.0, update to a version newer than 1.15.0. For xorg-x11-server-Xvfb version 1.15.0, update to a version newer than 1.15.0. For xorg-x11-server-debuginfo version 1.1.1, update to a version newer than 1.1.1. For xorg-x11-server-Xvnc-source version 1.1.1, update to a version newer than 1.1.1. For xorg-x11-server version 1.15.0, update to a version newer than 1.15.0. For xorg-x11-server-common version 1.15.0, update to a version newer than 1.15.0. For xorg-x11-server-devel version 1.15.0, update to a version newer than 1.15.0. For xorg-x11-server-Xorg version 1.15.0, update to a version newer than 1.15.0. For X.Org Server versions prior to 1.16.3, update to version 1.16.3 or newer.

Fix

DoS

Buffer Overflow

NULL Pointer Dereference

Integer Overflow

Weakness Enumeration

CWE-119CWE-476CWE-190

Related Identifiers

ALT-PU-2014-2434
BDU:2015-06579
BDU:2015-06581
BDU:2015-06583
BDU:2015-06584
BDU:2015-06586
BDU:2015-06590
BDU:2015-06592
BDU:2015-06595
BDU:2015-06598
BDU:2015-06601
BDU:2015-06604
BDU:2015-06606
BDU:2015-09275
BDU:2015-09276
BDU:2015-09277
BDU:2015-09278
BDU:2015-09279
BDU:2015-09280
BDU:2015-09281
BDU:2015-09282
BDU:2015-09283
BDU:2015-09284
BDU:2015-09285
BDU:2015-09286
CESA-2014_1983
CVE-2014-8098
DLA-120-1
DSA-3095-1
MGASA-2014-0532
MGASA-2015-0005
RHSA-2014:1982
RHSA-2014:1983
RHSA-2014_1982
RHSA-2014_1983
SUSE-SU-2015:0427-1
SUSE-SU-2015:1025-1
USN-2436-1
USN-2436-2
USN-2438-1

Affected Products

Alt Linux
Centos
Red Hat
Suse
Ubuntu
X.Org Server