PT-2014-1850 · Xfree86+6 · Xfree86+7
Ilja Van Sprundel · Published 2014-12-09 · Updated 2025-08-29 · CVE-2014-8100
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
XFree86 version 4.0.1
X.Org X Window System (aka X11 or X) version X11R6.7
X.Org Server (aka xserver and xorg-server) versions prior to 1.16.3
xorg-x11-server-Xdmx version 1.15.0
xorg-x11-server-debuginfo version 1.15.0
xorg-x11-server-Xnest version 1.15.0
xorg-x11-server-Xephyr version 1.15.0
xorg-x11-server-source version 1.15.0
xorg-x11-server-Xvfb version 1.15.0
xorg-x11-server-debuginfo version 1.1.1
xorg-x11-server-common version 1.15.0
xorg-x11-server-devel version 1.15.0
xorg-x11-server-Xvnc-source version 1.1.1
xorg-x11-server-Xorg version 1.15.0
Description
The issue allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via a crafted length or index value to certain functions, including ProcRenderQueryVersion, SProcRenderQueryVersion, SProcRenderQueryPictFormats, SProcRenderQueryPictIndexValues, SProcRenderCreatePicture, SProcRenderChangePicture, SProcRenderSetPictureClipRectangles, SProcRenderFreePicture, SProcRenderComposite, SProcRenderScale, SProcRenderCreateGlyphSet, SProcRenderReferenceGlyphSet, SProcRenderFreeGlyphSet, SProcRenderFreeGlyphs, or SProcRenderCompositeGlyphs. The exploitation of these vulnerabilities can lead to a violation of confidentiality, integrity, and availability of protected information.
Recommendations
For XFree86 version 4.0.1, update to a version later than 4.0.1.
For X.Org X Window System (aka X11 or X) version X11R6.7, update to a version later than X11R6.7.
For X.Org Server (aka xserver and xorg-server) versions prior to 1.16.3, update to version 1.16.3 or later.
For xorg-x11-server-Xdmx version 1.15.0, update to a version later than 1.15.0.
For xorg-x11-server-debuginfo version 1.15.0, update to a version later than 1.15.0.
For xorg-x11-server-Xnest version 1.15.0, update to a version later than 1.15.0.
For xorg-x11-server-Xephyr version 1.15.0, update to a version later than 1.15.0.
For xorg-x11-server-source version 1.15.0, update to a version later than 1.15.0.
For xorg-x11-server-Xvfb version 1.15.0, update to a version later than 1.15.0.
For xorg-x11-server-debuginfo version 1.1.1, update to a version later than 1.1.1.
For xorg-x11-server-common version 1.15.0, update to a version later than 1.15.0.
For xorg-x11-server-devel version 1.15.0, update to a version later than 1.15.0.
For xorg-x11-server-Xvnc-source version 1.1.1, update to a version later than 1.1.1.
For xorg-x11-server-Xorg version 1.15.0, update to a version later than 1.15.0.
As a temporary workaround, consider disabling the vulnerable functions until a patch is available. Restrict access to the vulnerable modules to minimize the risk of exploitation. Avoid using the vulnerable parameters in the affected API endpoints until the issue is resolved.
Fix
DoS
Buffer Overflow
NULL Pointer Dereference
Integer Overflow
Affected Products
Alt Linux
Centos
Red Hat
Suse
Ubuntu
X.Org Server
X.Org X Window System
Xfree86